How to Use TCP Wrappers to Control Access to TCP Services

The tcpd program implements TCP wrappers. TCP wrappers add a measure of security for service daemons such as ftpd by standing between the daemon and incoming service requests. TCP wrappers log successful and unsuccessful connection attempts. Additionally, TCP wrappers can provide access control, allowing or denying the connection depending on where the request originates. You can use TCP wrappers to protect daemons such as SSH, Telnet, and FTP. The sendmail application can also use TCP wrappers, as described in Support for TCP Wrappers From Version 8.12 of sendmail in System Administration Guide: Network Services.

1. On the local system, assume the Primary Administrator role, or become superuser.

   The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.

2. Set TCP wrappers to enabled.

   # inetadm -M tcp_wrappers=TRUE

3. Configure the TCP wrappers access control policy as described in the hosts_access(3) man page.

   This man page can be found in the /usr/sfw/man directory on the SFW CD-ROM, which is packaged along with the Oracle Solaris CD-ROM.