Using TCP Wrappers in Oracle Solaris

Language:

TCP wrappers add a measure of security for service daemons by standing between the daemon and incoming service requests. TCP wrappers log successful and unsuccessful connection attempts. Additionally, TCP wrappers can provide access control by allowing or denying the connection depending on the origin of the request. Use TCP wrappers to protect daemons such as Telnet and the File Transfer Protocol (FTP). For information about TCP wrapper support for sendmail, see Support for TCP Wrappers in Version 8.12 of sendmail in Managing sendmail Services in Oracle Solaris 11.4.

Note - You cannot use TCP wrappers to protect Secure Shell (SSH) on Oracle Solaris systems. For more information, see Replacing TCP Wrappers With sshd_config Entries in Managing Secure Shell Access in Oracle Solaris 11.4.

How to Use TCP Wrappers to Control Access to TCP Services

Before You Begin

Ensure that your role has the appropriate rights profile to perform this procedure. See Using Rights Profiles to Perform Network Configuration.

Set the tcp_wrappers property to TRUE.
```
$ inetadm -M tcp_wrappers=TRUE
```
Configure the TCP wrappers access control policy.
See the hosts_access (3) man page located in the /usr/sfw/man directory.

How to Protect the FTP Network Service With TCP Wrappers

Before You Begin

Ensure that your role has the appropriate rights profile to perform this procedure. See Using Rights Profiles to Perform Network Configuration.

Follow the instructions in the /usr/share/doc/proftpd/modules/mod_wrap.html module.
Since the module is dynamic, you must load it to use TCP wrappers with FTP.
Load the module by adding the following instructions to the proftpd.conf file:
```
<IfModule mod_dso.c>
    LoadModule mod_wrap.c
</IfModule>
```
Restart the FTP service.
```
$ svcadm restart svc:/network/ftp 
```