tcpdmatch(8)
- NetBSD Manual Pages
TCPDMATCH(8) TCPDMATCH(8)
NAME
tcpdmatch - tcp wrapper oracle
SYNOPSIS
tcpdmatch [-d] [-i inet_conf] daemon client
tcpdmatch [-d] [-i inet_conf] daemon[@server]
[user@]client
DESCRIPTION
tcpdmatch predicts how the tcp wrapper would handle a spe-
cific request for service. Examples are given below.
The program examines the tcpd access control tables
(default /etc/hosts.allow and /etc/hosts.deny) and prints
its conclusion. For maximal accuracy, it extracts addi-
tional information from your inetd or tlid network config-
uration file.
When tcpdmatch finds a match in the access control tables,
it identifies the matched rule. In addition, it displays
the optional shell commands or options in a pretty-printed
format; this makes it easier for you to spot any discrep-
ancies between what you want and what the program under-
stands.
ARGUMENTS
The following two arguments are always required:
daemon A daemon process name. Typically, the last compo-
nent of a daemon executable pathname.
client A host name or network address, or one of the
`unknown' or `paranoid' wildcard patterns.
When a client host name is specified, tcpdmatch
gives a prediction for each address listed for that
client.
When a client address is specified, tcpdmatch pre-
dicts what tcpd would do when client name lookup
fails.
Optional information specified with the daemon@server
form:
server A host name or network address, or one of the
`unknown' or `paranoid' wildcard patterns. The
default server name is `unknown'.
Optional information specified with the user@client form:
user A client user identifier. Typically, a login name
or a numeric userid. The default user name is
1
TCPDMATCH(8) TCPDMATCH(8)
`unknown'.
OPTIONS
-d Examine hosts.allow and hosts.deny files in the
current directory instead of the default ones.
-i inet_conf
Specify this option when tcpdmatch is unable to
find your inetd.conf or tlid.conf network configu-
ration file, or when you suspect that the program
uses the wrong one.
EXAMPLES
To predict how tcpd would handle a telnet request from the
local system:
tcpdmatch in.telnetd localhost
The same request, pretending that hostname lookup failed:
tcpdmatch in.telnetd 127.0.0.1
To predict what tcpd would do when the client name does
not match the client address:
tcpdmatch in.telnetd paranoid
On some systems, daemon names have no `in.' prefix, or
tcpdmatch may need some help to locate the inetd configu-
ration file.
FILES
The default locations of the tcpd access control tables
are:
/etc/hosts.allow
/etc/hosts.deny
SEE ALSO
tcpdchk(8), tcpd configuration checker
hosts_access(5), format of the tcpd access control tables.
hosts_options(5), format of the language extensions.
inetd.conf(5), format of the inetd control file.
tlid.conf(5), format of the tlid control file.
AUTHORS
Wietse Venema (wietse@wzv.win.tue.nl),
Department of Mathematics and Computing Science,
Eindhoven University of Technology
Den Dolech 2, P.O. Box 513,
5600 MB Eindhoven, The Netherlands
2
TCPDMATCH(8) TCPDMATCH(8)
BUGS
If you specify FQDN hostname as client, they will be rec-
ognized only as IPv4 or IPv6 address, which should be rec-
ognized as both. This should be solved when getipnodebyname(3)
is supplied.
3
Powered by man-cgi (2024-03-20).
Maintained for NetBSD
by Kimmo Suominen.
Based on man-cgi by Panagiotis Christias.