OpenBSD manual page server

Manual Page Search Parameters
TCPDMATCH(8) System Manager's Manual TCPDMATCH(8)

tcpdmatchtcp wrapper oracle

tcpdmatch [-d] [-i inet_conf] daemon client


tcpdmatch [-d] [-i inet_conf] daemon [@server] [user@] client

tcpdmatch predicts how the tcp wrapper would handle a specific request for service. Examples are given below.

The program examines the tcpd(8) access control tables (default /etc/hosts.allow and /etc/hosts.deny) and prints its conclusion. For maximal accuracy, it extracts additional information from your inetd(8) network configuration file.

When tcpdmatch finds a match in the access control tables, it identifies the matched rule. In addition, it displays the optional shell commands or options in a pretty-printed format; this makes it easier for you to spot any discrepancies between what you want and what the program understands.

The options are as follows:

Examine hosts.allow and hosts.deny files in the current directory instead of the default ones.
inet_conf
Specify this option when tcpdmatch is unable to find your inetd.conf network configuration file, or when you wish to test with a non-default one.

The following two arguments are always required:

daemon
A daemon process name. Typically, the last component of a daemon executable pathname.
client
A host name or network address, or one of the “unknown” or “paranoid” wildcard patterns.

When a client host name is specified, tcpdmatch gives a prediction for each address listed for that client.

When a client address is specified, tcpdmatch predicts what tcpd(8) would do when client name lookup fails.

Optional information specified with the daemon@server form:

server
A host name or network address, or one of the “unknown” or “paranoid” wildcard patterns. The default server name is “unknown”.

Optional information specified with the user@client form:

user
A client user identifier. Typically, a login name or a numeric user ID. The default user name is “unknown”.

The default locations of the tcpd(8) access control tables are:

/etc/hosts.allow
access control table (allow list)
/etc/hosts.deny
access control table (deny list)

To predict how tcpd(8) would handle a telnet request from the local system:

$ tcpdmatch telnetd localhost

The same request, pretending that hostname lookup failed:

$ tcpdmatch telnetd 127.0.0.1

To predict what tcpd(8) would do when the client name does not match the client address:

$ tcpdmatch telnetd paranoid

hosts_access(5), hosts_options(5), inetd.conf(5), tcpdchk(8)

Wietse Venema (wietse@wzv.win.tue.nl),
Department of Mathematics and Computing Science,
Eindhoven University of Technology
Den Dolech 2, P.O. Box 513,
5600 MB Eindhoven, The Netherlands
May 31, 2007 OpenBSD-5.1