Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.

Bug 83846

Summary: RFE: prefer TCP wrapper for denying access
Product: [Retired] Red Hat Linux Reporter: Michael Redinger <michael.redinger>
Component: rhl-rgAssignee: Johnray Fuller <jrfuller>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 9Keywords: FutureFeature
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2003-06-30 19:42:17 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Michael Redinger 2003-02-09 19:43:05 UTC
Red Hat Linux Reference Guide 8.0.93
Page 112f (9.4.3.2. Access Control Options)
Add a note that it's almost always better to not use control options
in xinetd but rely on hosts.(allow|deny) instead.
In hosts.deny you can block everything with ALL: ALL and then allow
the required services in hosts.allow.
If you use only_from or no_access in the xinetd configuration files, you
miss those programs that are not started using xinetd but are also using
TCP wrappers. Mixing both is obviousely a bad idea, so use
hosts.(allow|deny) instead.

Comment 1 Johnray Fuller 2003-02-12 07:49:37 UTC
There is talk of changing TCP wrappers infrastructure, so I did not "go there." 

I will leave this as an RFE for next round.

Thanks again.

Johnray

Comment 2 Johnray Fuller 2003-06-30 19:42:17 UTC
I have added this information to the most recent version.

This chapter will be on the Docs Beta CD and in the final product.

J