Imitate TCP Wrapper

Arch Linux chose to remove TCP wrappers from its core packages a couple of years ago.

You can read all about it here.

This is how to imitate TCP wrapper functionality (by the way, Wietse Venema rocks!) with iptables and a source range.

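# Replace FIRST_IP-LAST_IP with the source address range that may reach sshd
iptables -A INPUT -p tcp --dport 22 -m iprange --src-range FIRST_IP-LAST_IP -j ACCEPT
# Drop every other connection to port 22
iptables -A INPUT -p tcp --dport 22 -j DROP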
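
An added example, not from the original post: it translates the hosts.allow client patterns for one daemon into ACCEPT rules followed by the final DROP used above, and reports the patterns that depend on name lookups and so have no address-based equivalent. The function names and sample entries are constructed; it assumes hosts.deny denies ALL, IPv4 only, and no EXCEPT or option fields.

```python
import ipaddress
import re

# Constructed sample in hosts.allow syntax (daemon_list : client_list),
# using documentation address ranges.
SAMPLE = """\
sshd: 192.0.2.10, 198.51.100.
sshd, vsftpd: 203.0.113.0/255.255.255.128
sshd: .example.org      # name pattern, needs a reverse lookup
vsftpd: ALL
"""

def to_source(pattern):
    """Return an iptables -s value, "" for any source, or None when the
    pattern cannot be expressed as an IPv4 address match."""
    if pattern == "ALL":
        return ""
    if re.fullmatch(r"(\d{1,3}\.){1,3}", pattern):
        # Trailing dot is an address prefix: "198.51.100." -> 198.51.100.0/24
        octets = pattern.rstrip(".").split(".")
        pattern = ".".join(octets + ["0"] * (4 - len(octets))) + f"/{8 * len(octets)}"
    try:
        # Single address, or net/mask as written in hosts.allow
        return str(ipaddress.IPv4Network(pattern, strict=False))
    except ValueError:
        return None  # hostname, .domain, @netgroup and similar

def build_rules(text, daemon="sshd", port=22):
    """Return (rules, skipped): iptables argument lists and untranslated patterns."""
    base = ["iptables", "-A", "INPUT", "-p", "tcp", "--dport", str(port)]
    rules, skipped = [], []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(":")
        if len(fields) < 2:
            continue
        daemons = re.split(r"[,\s]+", fields[0].strip())
        if daemon not in daemons and "ALL" not in daemons:
            continue
        for pattern in filter(None, re.split(r"[,\s]+", fields[1].strip())):
            src = to_source(pattern)
            if src is None:
                skipped.append(pattern)
            else:
                rules.append(base + (["-s", src] if src else []) + ["-j", "ACCEPT"])
    rules.append(base + ["-j", "DROP"])  # everything else, as in the rules above
    return rules, skipped

if __name__ == "__main__":
    rules, skipped = build_rules(SAMPLE)
    print("\n".join(" ".join(rule) for rule in rules))
    print("not translated:", skipped)
```

The script only prints the commands, so the generated rules can be reviewed before anything is loaded.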
  1. adamo

    Saturday, July 20, 2013 - 00:01:14

    TTBOMK, iptables does not handle domain names, so this imitation is working yes, but does half the job. The really cool stuff for you to try out would be to have a host_access daemon that reads hosts.allow and hosts.deny and translates them into dynamically added and removed iptables rules.