These classnotes are deprecated. As of 2005, I no longer teach the classes. Notes will remain online for legacy purposes.

UNIX03/Introduction To TCPWrappers


TCP Wrappers is a program and pair of configuration files that allow a System Administrator to wrap a security layer between the raw TCP and UDP socket layer administered by /etc/inetd and the application (server) layer which implements each service. This TCP Wrappers layer can control which remote systems and users may access each service, preventing, for example, an unknown system from using the FTP service. TCP Wrappers also turns off any possible source routing for TCP sockets (but not UDP sockets) to eliminate most TCP protocol-level spoofing. This anti-spoofing claim assumes that you are using at least version 2.0.30 of the Linux kernel (see page 246).

TCP Wrappers is very easy to set up and use, and it works well. Because each connection requires forking tcpd (the TCP daemon) and reading the configuration files, it has substantially more overhead than IP Chains or IP Tables. Additionally, it only works for servers started from xinetd or inetd and for those that support the libwrap library. Thus, it is not as complete a solution as IP Chains or IP Tables, nor is it suitable for high-volume sites. It is a good solution for low-volume usage or when used rarely in conjunction with another tool like IP Tables or IP Chains (we will be using it this way).
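
The per-service access control described above can be modelled in a few lines. This is an added example, not code from these notes or from tcpd itself: it assumes the pair of configuration files is the standard /etc/hosts.allow and /etc/hosts.deny from hosts_access(5), implements only a subset of the pattern syntax, and uses constructed daemon names and addresses.

```python
# Simplified model of the hosts_access(5) lookup order (added example).
# Client patterns handled: ALL, ".domain" suffix, "n.n.n." prefix, exact match.
# Not modelled: EXCEPT, LOCAL, KNOWN/UNKNOWN/PARANOID, net/mask, user@host.

# Constructed sample rules; daemon names and addresses are illustrative.
HOSTS_ALLOW = """\
# daemon_list : client_list
in.ftpd : 192.0.2. .example.com
sshd : ALL
"""
HOSTS_DENY = "ALL : ALL\n"

def parse(text):
    """Return [(daemons, clients)] from rule text, skipping '#' lines."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        fields = line.split(":")
        if not line or line.startswith("#") or len(fields) < 2:
            continue
        rules.append((fields[0].replace(",", " ").split(),
                      fields[1].replace(",", " ").split()))
    return rules

def client_matches(pattern, addr, name):
    if pattern == "ALL":
        return True
    if pattern.startswith("."):   # domain suffix, compared to the host name
        return name is not None and name.lower().endswith(pattern.lower())
    if pattern.endswith("."):     # leading octets of the address
        return addr.startswith(pattern)
    return pattern == addr or (name is not None and pattern.lower() == name.lower())

def listed(rules, daemon, addr, name):
    return any(("ALL" in daemons or daemon in daemons)
               and any(client_matches(p, addr, name) for p in clients)
               for daemons, clients in rules)

def access_granted(daemon, addr, name=None, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """A hosts.allow match grants; else a hosts.deny match refuses; else grant."""
    if listed(parse(allow), daemon, addr, name):
        return True
    if listed(parse(deny), daemon, addr, name):
        return False
    return True   # nothing matched in either file: the connection is allowed

if __name__ == "__main__":
    for host in ("192.0.2.10", "203.0.113.7"):
        print("in.ftpd", host, access_granted("in.ftpd", host))
    # Without the catch-all deny rule the unknown host gets through.
    print("no deny file:", access_granted("in.ftpd", "203.0.113.7", deny=""))
```

The last call shows why a catch-all `ALL : ALL` deny entry matters: when neither file matches, the wrapper grants access, so an allow list alone does not keep an unknown system off the FTP service.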



Last edited June 21, 2003 5:44 am
(C) Copyright 2003 Samuel Hart
This work is licensed under a Creative Commons License.