Gatekeeping with TCP wrappers
TCP wrappers are a tidy tool helping to secure network services sitting on open ports where just anyone can try to hack in.
What they do is restrict access to localhost, specific hostnames, or IP addresses and are commonly used, for example, for FTP and POP. They're no substitute for a firewall but, instead, secure ports, generally used for administration that, otherwise, are open to all.
Take the example of SSH which we use to tunnel into the server. Ideally you would set up authentication keys to secure the port but, sometimes, that's not practicable.
Adding a simple directive to a couple of files, the TCP wrapper takes immediate effect.
Open up the deny file:
sudo nano /etc/hosts.denyAdd a line:
Open up the allow file:
sudo nano /etc/hosts.allowAdd a line:
Following the colon in the allow file is the IP to be authorized. You can add a series of IPs, comma or space-separated, else use an IP subnet or hostnames.
Before the colon is the name of the daemon for which to...
