inetd.sec(4)

NAME
inetd.sec - optional security file for inetd
DESCRIPTION
When inetd accepts a connection from a remote system, it checks the address
of the host requesting the service against the list of hosts to be
allowed or denied access to the specific service (see inetd(1M)).
The file allows the system administrator to control which hosts (or
networks in general) are allowed to use the system remotely. This file
constitutes an extra layer of security in addition to the normal checks
done by the services. It precedes the security of the servers; that
is, a server is not started by the Internet daemon unless the host
requesting the service is a valid host according to
If file does not exist, security is limited to that implemented by the
servers. and the directory should be writable only by their owners.
Changes to apply to any subsequent connections.
Lines in beginning with the pound sign are comments. Comments are not
allowed at the end of a line of data.
The lines in the file contain a service name, permission field, and the
Internet addresses or official names of the hosts and networks allowed
to use that service in the local host. The fields in each line are as
follows:
service name { hostaddrs | hostnames | netaddrs | netnames }
Note: service name is the name (not alias) of a valid service in file
The service name for RPC-based services (NFS) is the name (not alias)
of a valid service in file A service name in corresponds to a unique
RPC program number.
determines whether the list of remote hosts in the next field is
allowed or denied access to the specified service. Multiple lines for
each service are not supported. If there are multiple lines for a
particular service, all but the last line are ignored.
Addresses (hostaddrs and netaddrs) and names (hostnames and netnames)
are separated by white space. Any mix of addresses and names is
allowed. To continue a line, terminate it with backslash,
Host names and network names are the official names of the hosts or
networks as returned by or respectively. Wildcard characters and range
characters are allowed. The and the can be present in any of the
fields of the address. An address field is a string of characters
separated by a dot.
Hostname resolution failure in may cause to delay the processing of
connection requests. To avoid such delays, configure host/network
addresses instead of host/network names in the file.
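
As an added illustration (not HP's code and not part of the original manual page), the Python below models the rules described above for IPv4 entries: comment lines, backslash continuation, the last line for a service replacing earlier ones, and per-field wildcard and range matching. It assumes the HP-UX keywords `allow` and `deny`, `*` as the wildcard and `-` as the range character, and that a pattern shorter than the address matches as a prefix; host names are reported rather than resolved, and the sample file is constructed.

```python
import re

NUMERIC = re.compile(r"^[\d*.\-]+$")  # dotted IPv4 pattern, possibly with * or a-b

def parse_inetd_sec(text):
    """Return {service: (permission, [hosts])}; a later line replaces an earlier one."""
    joined = re.sub(r"\\\r?\n", " ", text)        # backslash continues a line
    rules = {}
    for line in joined.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):  # blank line or comment
            continue
        perm = fields[1] if len(fields) > 1 else None
        if perm in ("allow", "deny"):
            rules[fields[0]] = (perm, fields[2:])
        else:
            rules[fields[0]] = (None, [])          # no permission field
    return rules

def field_matches(pattern, value):
    if pattern == "*":
        return True
    if "-" in pattern:
        low, high = pattern.split("-", 1)
        return int(low) <= int(value) <= int(high)
    return int(pattern) == int(value)

def addr_matches(pattern, addr):
    # Assumption: a pattern shorter than the address matches as a prefix.
    pf, af = pattern.split("."), addr.split(".")
    return len(pf) <= len(af) and all(field_matches(p, a) for p, a in zip(pf, af))

def is_allowed(rules, service, addr):
    perm, hosts = rules.get(service, (None, []))
    if perm is None:
        return True                                # left to the service itself
    hit = any(addr_matches(h, addr) for h in hosts if NUMERIC.match(h))
    return hit if perm == "allow" else not hit

def unresolved_names(rules):
    """Entries that are names and therefore depend on hostname resolution."""
    found = {s: [h for h in hosts if not NUMERIC.match(h)] for s, (_, hosts) in rules.items()}
    return {s: names for s, names in found.items() if names}

SAMPLE = """\
# constructed sample, not taken from the page
login allow 10.* 192.0.2.5
shell deny 10.3-5.* \\
    198.51.100.7 badhost
login deny 10.9.*
ftp
"""
RULES = parse_inetd_sec(SAMPLE)
```

Running `unresolved_names` over a real file gives the list of entries to convert to addresses, as the paragraph above recommends.
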
EXAMPLES
Use a wildcard character to permit a whole network to communicate with
the local host without having to list all the hosts in that network.
For example, to allow all hosts with network addresses starting with a
as well as the single host with address to use rlogin:
On a system running NFS, deny host access to sprayd, an RPC-based
server:
A range is a field containing a character. To deny hosts in network 10
(arpa) with subnets 3 through 5 access to
The following entry denies access to host any hosts on the network
named and the host with internet address
If a remote service is not listed in the security file, or if it is
listed but it is not followed by or all remote hosts can attempt to use
it. Security is then provided by the service itself. The following
lines, if present in allow or deny access to the service indicated:
Allow all hosts to use
Deny all access to the service; i.e.,
Allow access to the service by any host:
or
IPv6 Functionality
For an IPv6 service, an IPv6 address can be specified in the host
address field of The host address field can contain IPv6 addresses,
IPv4 addresses, or both. This specification includes the IPv4 mapped
IPv6 addresses also.
Host names for IPv6 services are the official names of the hosts
returned by
The wildcard characters and range characters are not supported for IPv6
addresses. The equivalent for the wildcard character is provided in the
form of followed by a forward-slash and See the IPv6 Examples section
for more details.
IPv6 Examples
To allow an IPv6 host with address and an IPv4 host with address in
order to use the service, an entry in the file should be as follows:
The following entry denies access to all hosts with a prefix
AUTHOR
was developed by HP.
NFS was developed by Sun Microsystems, Inc.
FILES
SEE ALSO
inetd(1M), gethostent(3N), getaddrinfo(3N), getnetent(3N), hosts(4),
inetd.conf(4), networks(4), protocols(4), rpc(4), services(4).