The TCP Wrappers module uses a simple access control language that is based on client (host name/address, user name), and server (process name, host name/address) patterns.
An extended version of the access control language is described in the hosts_options(5) document. The extensions are turned on at program build time by building with -DPROCESS_OPTIONS.
- Access Control Files
The access control software consults two files. The search stops at the first match:
- Access will be granted when a (daemon, client) pair matches an entry in the /etc/hosts.allow file.
- Otherwise, access will be denied when a (daemon, client) pair matches an entry in the /etc/hosts.deny file.
- Otherwise, access will be granted.
A non-existing access control file is treated as if it were an empty file. Thus, access control can be turned off by providing no access control files.