| .TH TCPDMATCH 8 |
| .SH NAME |
| tcpdmatch \- tcp wrapper oracle |
| .SH SYNOPSIS |
| tcpdmatch [-d] [-i inet_conf] daemon client |
| .sp |
| tcpdmatch [-d] [-i inet_conf] daemon[@server] [user@]client |
| .SH DESCRIPTION |
| .PP |
| \fItcpdmatch\fR predicts how the tcp wrapper would handle a specific |
| request for service. Examples are given below. |
| .PP |
| The program examines the \fItcpd\fR access control tables (default |
| \fI/etc/hosts.allow\fR and \fI/etc/hosts.deny\fR) and prints its |
| conclusion. For maximal accuracy, it extracts additional information |
| from your \fIinetd\fR network configuration file. |
| .PP |
| When \fItcpdmatch\fR finds a match in the access control tables, it |
| identifies the matched rule. In addition, it displays the optional |
| shell commands or options in a pretty-printed format; this makes it |
| easier for you to spot any discrepancies between what you want and what |
| the program understands. |
| .SH ARGUMENTS |
| The following two arguments are always required: |
| .IP daemon |
| A daemon process name. Typically, the last component of a daemon |
| executable pathname. |
| .IP client |
| A host name or network address, or one of the `unknown\' or `paranoid\' |
| wildcard patterns. |
| .sp |
| When a client host name is specified, \fItcpdmatch\fR gives a |
| prediction for each address listed for that client. |
| .sp |
| When a client address is specified, \fItcpdmatch\fR predicts what |
| \fItcpd\fR would do when client name lookup fails. |
| .PP |
| Optional information specified with the \fIdaemon@server\fR form: |
| .IP server |
| A host name or network address, or one of the `unknown\' or `paranoid\' |
| wildcard patterns. The default server name is `unknown\'. |
| .PP |
| Optional information specified with the \fIuser@client\fR form: |
| .IP user |
| A client user identifier. Typically, a login name or a numeric userid. |
| The default user name is `unknown\'. |
| .SH OPTIONS |
| .IP -d |
| Examine \fIhosts.allow\fR and \fIhosts.deny\fR files in the current |
| directory instead of the default ones. |
| .IP "-i inet_conf" |
| Specify this option when \fItcpdmatch\fR is unable to find your |
| \fIinetd.conf\fR network configuration file, or when |
| you suspect that the program uses the wrong one. |
| .SH EXAMPLES |
| To predict how \fItcpd\fR would handle a telnet request from the local |
| system: |
| .sp |
| .ti +5 |
| tcpdmatch in.telnetd localhost |
| .PP |
| The same request, pretending that hostname lookup failed: |
| .sp |
| .ti +5 |
| tcpdmatch in.telnetd 127.0.0.1 |
| .PP |
| To predict what tcpd would do when the client name does not match the |
| client address: |
| .sp |
| .ti +5 |
| tcpdmatch in.telnetd paranoid |
| .PP |
| On some systems, daemon names have no `in.\' prefix, or \fItcpdmatch\fR |
| may need some help to locate the inetd configuration file. |
| .SH FILES |
| .PP |
| The default locations of the \fItcpd\fR access control tables are: |
| .PP |
| /etc/hosts.allow |
| .br |
| /etc/hosts.deny |
| .SH SEE ALSO |
| .na |
| .nf |
| tcpdchk(8), tcpd configuration checker |
| hosts_access(5), format of the tcpd access control tables. |
| hosts_options(5), format of the language extensions. |
| inetd.conf(5), format of the inetd control file. |
| .SH AUTHORS |
| .na |
| .nf |
| Wietse Venema (wietse@wzv.win.tue.nl), |
| Department of Mathematics and Computing Science, |
| Eindhoven University of Technology |
| Den Dolech 2, P.O. Box 513, |
| 5600 MB Eindhoven, The Netherlands |
| \" @(#) tcpdmatch.8 1.5 96/02/11 17:01:35 |