|TCPDMATCH(8)||System Manager's Manual||TCPDMATCH(8)|
tcpdmatch - tcp wrapper oracle
tcpdmatch [-d] [-i inet_conf] daemon client
tcpdmatch [-d] [-i inet_conf] daemon[@server] [user@]client
tcpdmatch predicts how the tcp wrapper would handle a specific request for service. Examples are given below.
The program examines the tcpd access control tables (default /etc/hosts.allow and /etc/hosts.deny) and prints its conclusion. For maximal accuracy, it extracts additional information from your inetd network configuration file.
When tcpdmatch finds a match in the access control tables, it identifies the matched rule. In addition, it displays the optional shell commands or options in a pretty-printed format; this makes it easier for you to spot any discrepancies between what you want and what the program understands.
The following two arguments are always required:
- A daemon process name. Typically, the last component of a daemon executable pathname.
- A host name or network address, or one of the `unknown´ or
`paranoid´ wildcard patterns.
When a client host name is specified, tcpdmatch gives a prediction for each address listed for that client.
When a client address is specified, tcpdmatch predicts what tcpd would do when client name lookup fails.
Optional information specified with the daemon@server form:
- A host name or network address, or one of the `unknown´ or `paranoid´ wildcard patterns. The default server name is `unknown´.
Optional information specified with the user@client form:
- A client user identifier. Typically, a login name or a numeric userid. The default user name is `unknown´.
To predict how tcpd would handle a telnet request from the local system:
tcpdmatch in.telnetd localhost
The same request, pretending that hostname lookup failed:
tcpdmatch in.telnetd 127.0.0.1
To predict what tcpd would do when the client name does not match the client address:
tcpdmatch in.telnetd paranoid
On some systems, daemon names have no `in.´ prefix, or tcpdmatch may need some help to locate the inetd configuration file.
The default locations of the tcpd access control tables are:
tcpdchk(8), tcpd configuration checker hosts_access(5), format of the tcpd access control tables. hosts_options(5), format of the language extensions. inetd.conf(5), format of the inetd control file.
Wietse Venema (firstname.lastname@example.org), Department of Mathematics and Computing Science, Eindhoven University of Technology Den Dolech 2, P.O. Box 513, 5600 MB Eindhoven, The Netherlands