Bug 83846 - RFE: prefer TCP wrapper for denying access
Summary: RFE: prefer TCP wrapper for denying access
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: rhl-rg
Version: 9
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Johnray Fuller
QA Contact:
Depends On:
Blocks: 89274
TreeView+ depends on / blocked
Reported: 2003-02-09 19:43 UTC by Michael Redinger
Modified: 2007-04-18 16:50 UTC (History)
0 users

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Last Closed: 2003-06-30 19:42:17 UTC

Attachments (Terms of Use)

Description Michael Redinger 2003-02-09 19:43:05 UTC
Red Hat Linux Reference Guide 8.0.93
Page 112f ( Access Control Options)
Add a note that it's almost always better to not use control options
in xinetd but rely on hosts.(allow|deny) instead.
In hosts.deny you can block everything with ALL: ALL and then allow
the required services in hosts.allow.
If you use only_from or no_access in the xinetd configuration files, you
miss those programs that are not started using xinetd but are also using
TCP wrappers. Mixing both is obviousely a bad idea, so use
hosts.(allow|deny) instead.

Comment 1 Johnray Fuller 2003-02-12 07:49:37 UTC
There is talk of changing TCP wrappers infrastructure, so I did not "go there." 

I will leave this as an RFE for next round.

Thanks again.


Comment 2 Johnray Fuller 2003-06-30 19:42:17 UTC
I have added this information to the most recent version.

This chapter will be on the Docs Beta CD and in the final product.


Note You need to log in before you can comment on or make changes to this bug.