TCP Wrappers

Wikipedia: TCP Wrappers

TCP Wrappers (also known as tcp_wrappers) is a host-based networking ACL system, used to filter network access to Internet Protocol servers on Unix-like operating systems such as Linux or BSD. It allows host or subnetwork IP addresses, names, and/or ident query replies to be used as tokens on which to filter for access control purposes.

The tarball includes a library named libwrap that implements the actual functionality. Initially, only services that were spawned for each connection from a super-server (such as inetd) got wrapped, utilizing the tcpd program. However, most common network service daemons today can be linked against libwrap directly. This is used by daemons that operate without being spawned from a super-server, or when a single process handles multiple connections. Otherwise, only the first connection attempt would get checked against its ACLs.

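NOTE: The tarball contains a library named libwrap, which implements the actual functionality. Initially, only services spawned per connection from a super-server (such as inetd) were wrapped, using the tcpd program. Today, however, most common network service daemons can be linked against libwrap directly. Daemons use it when they run without being spawned from a super-server, or when a single process handles multiple connections. Otherwise, only the first connection attempt would be checked against the ACLs.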

When compared to host access control directives often found in daemons' configuration files, TCP Wrappers have the benefit of runtime ACL reconfiguration (i.e., services don't have to be reloaded or restarted) and a generic approach to network administration.
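The per-connection check and the runtime reconfiguration described above can be seen in a small model of the rule evaluation. This is an added example, not libwrap's code: it assumes the `hosts.allow` / `hosts.deny` rule form documented in hosts_access(5), handles only a subset of client patterns (`ALL`, domain suffix, address prefix, net/mask, exact match) for IPv4, and uses constructed sample rules and function names.

```python
import ipaddress

# Constructed sample rules in hosts_access(5) form: "daemon_list : client_list".
HOSTS_ALLOW = """\
sshd   : 192.0.2.0/255.255.255.0 .admin.example.org
vsftpd : 198.51.100.      # trailing dot = address prefix
"""
HOSTS_DENY = "ALL : ALL\n"

def parse_rules(text):
    """Return [(daemons, clients)], skipping blank lines and # comments."""
    rules = []
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("#", 1)[0].split(":")]
        if len(fields) >= 2 and fields[0] and fields[1]:
            rules.append(tuple(f.replace(",", " ").split() for f in fields[:2]))
    return rules

def client_matches(pattern, addr, name):
    """Match one client token against the peer's IPv4 address or host name."""
    if pattern == "ALL":
        return True
    if pattern.startswith("."):                 # domain suffix
        return bool(name) and name.lower().endswith(pattern.lower())
    if pattern.endswith("."):                   # dotted address prefix
        return addr.startswith(pattern)
    if "/" in pattern:                          # net/mask
        try:
            net = ipaddress.ip_network(pattern, strict=False)
            return ipaddress.ip_address(addr) in net
        except ValueError:
            return False
    return pattern == addr or (bool(name) and pattern.lower() == name.lower())

def rule_hits(rules, daemon, addr, name):
    return any(("ALL" in daemons or daemon in daemons)
               and any(client_matches(p, addr, name) for p in clients)
               for daemons, clients in rules)

def access_allowed(daemon, addr, name=None, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """Allow list wins, then deny list, then default grant.

    Rules are parsed on every call, so an edited rule set applies to the
    next connection without restarting the service.
    """
    if rule_hits(parse_rules(allow), daemon, addr, name):
        return True
    return not rule_hits(parse_rules(deny), daemon, addr, name)
```

With an empty deny list the final fall-through grants access, which is why a catch-all `ALL : ALL` deny rule is the usual baseline for a default-deny policy.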