1e8c736a70
Note that all IPv6 address must be wrapped with square bracket, like: ALL: [::1/128] 127.0.0.1/255.255.255.255 Increase shlib minor. ftp://ftp.kame.net/pub/kame/misc/tcp_wrappers-76-v6-19990831.diff.gz
106 lines
3.4 KiB
Groff
106 lines
3.4 KiB
Groff
.\" $NetBSD: tcpdmatch.8,v 1.4 1999/08/31 13:58:58 itojun Exp $
|
|
.\"
|
|
.TH TCPDMATCH 8
|
|
.SH NAME
|
|
tcpdmatch \- tcp wrapper oracle
|
|
.SH SYNOPSIS
|
|
tcpdmatch [-d] [-i inet_conf] daemon client
|
|
.sp
|
|
tcpdmatch [-d] [-i inet_conf] daemon[@server] [user@]client
|
|
.SH DESCRIPTION
|
|
.PP
|
|
\fItcpdmatch\fR predicts how the tcp wrapper would handle a specific
|
|
request for service. Examples are given below.
|
|
.PP
|
|
The program examines the \fItcpd\fR access control tables (default
|
|
\fI/etc/hosts.allow\fR and \fI/etc/hosts.deny\fR) and prints its
|
|
conclusion. For maximal accuracy, it extracts additional information
|
|
from your \fIinetd\fR or \fItlid\fR network configuration file.
|
|
.PP
|
|
When \fItcpdmatch\fR finds a match in the access control tables, it
|
|
identifies the matched rule. In addition, it displays the optional
|
|
shell commands or options in a pretty-printed format; this makes it
|
|
easier for you to spot any discrepancies between what you want and what
|
|
the program understands.
|
|
.SH ARGUMENTS
|
|
The following two arguments are always required:
|
|
.IP daemon
|
|
A daemon process name. Typically, the last component of a daemon
|
|
executable pathname.
|
|
.IP client
|
|
A host name or network address, or one of the `unknown' or `paranoid'
|
|
wildcard patterns.
|
|
.sp
|
|
When a client host name is specified, \fItcpdmatch\fR gives a
|
|
prediction for each address listed for that client.
|
|
.sp
|
|
When a client address is specified, \fItcpdmatch\fR predicts what
|
|
\fItcpd\fR would do when client name lookup fails.
|
|
.PP
|
|
Optional information specified with the \fIdaemon@server\fR form:
|
|
.IP server
|
|
A host name or network address, or one of the `unknown' or `paranoid'
|
|
wildcard patterns. The default server name is `unknown'.
|
|
.PP
|
|
Optional information specified with the \fIuser@client\fR form:
|
|
.IP user
|
|
A client user identifier. Typically, a login name or a numeric userid.
|
|
The default user name is `unknown'.
|
|
.SH OPTIONS
|
|
.IP -d
|
|
Examine \fIhosts.allow\fR and \fIhosts.deny\fR files in the current
|
|
directory instead of the default ones.
|
|
.IP "-i inet_conf"
|
|
Specify this option when \fItcpdmatch\fR is unable to find your
|
|
\fIinetd.conf\fR or \fItlid.conf\fR network configuration file, or when
|
|
you suspect that the program uses the wrong one.
|
|
.SH EXAMPLES
|
|
To predict how \fItcpd\fR would handle a telnet request from the local
|
|
system:
|
|
.sp
|
|
.ti +5
|
|
tcpdmatch in.telnetd localhost
|
|
.PP
|
|
The same request, pretending that hostname lookup failed:
|
|
.sp
|
|
.ti +5
|
|
tcpdmatch in.telnetd 127.0.0.1
|
|
.PP
|
|
To predict what tcpd would do when the client name does not match the
|
|
client address:
|
|
.sp
|
|
.ti +5
|
|
tcpdmatch in.telnetd paranoid
|
|
.PP
|
|
On some systems, daemon names have no `in.' prefix, or \fItcpdmatch\fR
|
|
may need some help to locate the inetd configuration file.
|
|
.SH FILES
|
|
.PP
|
|
The default locations of the \fItcpd\fR access control tables are:
|
|
.PP
|
|
/etc/hosts.allow
|
|
.br
|
|
/etc/hosts.deny
|
|
.SH SEE ALSO
|
|
.na
|
|
.nf
|
|
tcpdchk(8), tcpd configuration checker
|
|
hosts_access(5), format of the tcpd access control tables.
|
|
hosts_options(5), format of the language extensions.
|
|
inetd.conf(5), format of the inetd control file.
|
|
tlid.conf(5), format of the tlid control file.
|
|
.SH AUTHORS
|
|
.na
|
|
.nf
|
|
Wietse Venema (wietse@wzv.win.tue.nl),
|
|
Department of Mathematics and Computing Science,
|
|
Eindhoven University of Technology
|
|
Den Dolech 2, P.O. Box 513,
|
|
5600 MB Eindhoven, The Netherlands
|
|
\" @(#) tcpdmatch.8 1.5 96/02/11 17:01:35
|
|
.SH BUGS
|
|
If you specify FQDN hostname as client,
|
|
they will be recognized only as IPv4 or IPv6 address,
|
|
which should be recognized as both.
|
|
This should be solved when getipnodebyname(3) is supplied.
|