NAME

tcpdmatch - tcp wrapper oracle

SYNOPSIS

tcpdmatch [-d] [-i inet_conf] daemon client

tcpdmatch [-d] [-i inet_conf] daemon[@server] [user@]client

DESCRIPTION

tcpdmatch predicts how the tcp wrapper would handle a specific request for service. Examples are given below.

The program examines the tcpd access control tables (default /etc/hosts.allow and /etc/hosts.deny) and prints its conclusion. For maximal accuracy, it extracts additional information from your inetd or tlid network configuration file.

When tcpdmatch finds a match in the access control tables, it identifies the matched rule. In addition, it displays the optional shell commands or options in a pretty-printed format; this makes it easier for you to spot any discrepancies between what you want and what the program understands.

ARGUMENTS

The following two arguments are always required:

daemon  A daemon process name. Typically, the last component of a daemon
        executable pathname.

client  A host name or network address, or one of the `unknown' or `paranoid'
        wildcard patterns.

When a client host name is specified, tcpdmatch gives a prediction for each address listed for that client.

When a client address is specified, tcpdmatch predicts what tcpd would do when client name lookup fails.

Optional information specified with the daemon@server form:

server  A host name or network address, or one of the `unknown' or `paranoid'
        wildcard patterns. The default server name is `unknown'.

Optional information specified with the user@client form:

user    A client user identifier. Typically, a login name or a numeric userid.
        The default user name is `unknown'.

OPTIONS

-d            Examine hosts.allow and hosts.deny files in the current
              directory instead of the default ones.

-i inet_conf  Specify this option when tcpdmatch is unable to find your
              inetd.conf or tlid.conf network configuration file, or when
              you suspect that the program uses the wrong one.

EXAMPLES

To predict how tcpd would handle a telnet request from the local system:

tcpdmatch in.telnetd localhost

The same request, pretending that hostname lookup failed:

tcpdmatch in.telnetd 127.0.0.1

To predict what tcpd would do when the client name does not match the client address:

tcpdmatch in.telnetd paranoid

On some systems, daemon names have no `in.' prefix, or tcpdmatch may need some help to locate the inetd configuration file.

FILES

The default locations of the tcpd access control tables are:

/etc/hosts.allow
/etc/hosts.deny
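
Because -d reads hosts.allow and hosts.deny from the current directory, candidate tables can be checked against a list of expected outcomes before they replace the ones under /etc. The shell functions below are an added example, not part of the original manual page or the tcp wrapper distribution. They assume that tcpdmatch prints one `access:' line (granted, denied or delegated) per prediction; the names verdicts, check_policy and TCPDMATCH are hypothetical.

```shell
#!/bin/sh
# Added example: regression-check candidate hosts.allow / hosts.deny files
# with "tcpdmatch -d" before installing them.
# Assumption: tcpdmatch prints one "access: <verdict>" line per prediction,
# so a host name with several addresses yields several such lines.

TCPDMATCH=${TCPDMATCH:-tcpdmatch}   # hypothetical override, e.g. for a stub

# verdicts DIR DAEMON CLIENT
# Print the distinct verdicts for one request, sorted and comma-separated.
# A result such as "denied,granted" means the client's addresses are
# treated differently by the tables in DIR.
verdicts() {
    ( cd "$1" && "$TCPDMATCH" -d "$2" "$3" </dev/null 2>/dev/null ) |
        awk '$1 == "access:" { print $2 }' | sort -u | paste -sd, -
}

# check_policy DIR
# Read "daemon client expected-verdict" lines from standard input, skip
# blank lines and comments, report every mismatch, and return non-zero
# if any case did not produce exactly the expected verdict.
check_policy() {
    dir=$1
    failed=0
    while read -r daemon client expected; do
        case $daemon in ''|'#'*) continue ;; esac
        got=$(verdicts "$dir" "$daemon" "$client")
        if [ "$got" != "$expected" ]; then
            echo "MISMATCH $daemon $client: expected $expected, got ${got:-none}"
            failed=1
        fi
    done
    return "$failed"
}

# Usage (the expected verdicts are constructed for illustration):
#   check_policy ./staging <<EOF
#   in.telnetd localhost granted
#   in.telnetd 127.0.0.1 granted
#   in.telnetd paranoid  denied
#   EOF
```

A mixed result for a host name is reported as a mismatch rather than silently accepted, which is the case to look at first when a client has more than one address.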

SEE ALSO


tcpdchk(8), tcpd configuration checker
hosts_access(5), format of the tcpd access control tables.
hosts_options(5), format of the language extensions.
inetd.conf(5), format of the inetd control file.

AUTHORS


Wietse Venema (wietse@wzv.win.tue.nl),
Department of Mathematics and Computing Science,
Eindhoven University of Technology
Den Dolech 2, P.O. Box 513,
5600 MB Eindhoven, The Netherlands

BUGS

If you specify an FQDN hostname as the client, it will be recognized only as an IPv4 or an IPv6 address, although it should be recognized as both.