Tcp_wrappers enables monitoring and filtering of incoming tcp requests.
Tcp_wrappers supports both the 4.3BSD-style sockets and System V.4-style TLI, so you don't have to worry if your environment supports either of these programming interfaces. Furthermore, optional features are available, such as access control to restrict which systems can connect to what network daemons, client user name lookups with the RFC 931 protocol, additional protection against hosts that pretend to have a different host name or IP address, and more.
The tcp_wrappers programs are highly portable and come with build procedures for many common (and not so common) environments. If your environment isn't among them, guidelines are provided to help you get started. Network daemons must be spawned by a super server like the inetd, while a syslog(3) library and syslogd(8) daemon should be available to satisfy requirements.
If you're new to the wrapper programs, it's recommended that you read through the tutorial sections for an introduction to the relevant concepts and terminology, glance over the security feature sections, and then follow the easy or advanced installation instructions. Running the wrappers for a few days to become familiar with their logs is also a good idea before using drastic measures such as cutting off access or installing booby traps.
In the newest release, several enhancements have been made to combat source-routing protection issues. The code is now stronger, and the program no longer terminates in case of a source-routed connection, making the IP-spoofing code more usable for long-running daemons. Additionally, when sysloging DNS hostname problems, the program will now always stop after a limited number of characters.
Version 7.6: N/A