iX 6.5)

34 Chapter2

Internet Daemon

inetd Security File

Editing Tips

When you edit the inetd security ﬁle, remember the following points:

• To “comment out” a line, begin column 1 with a pound symbol (#). To

enable a security provision that has been commented out, delete the

pound symbol

and

any blank spaces preceding the service name.

• Enter the real service name, not the alias, of a valid service in the

inetd conﬁguration ﬁle.

• Separate the IP addresses and domain names by a white space. You

may enter any mix of addresses and names. For example, the

following entry denies Telnet access to host hp22.cup.hp.com, any

hosts on the network named “testlan,” and the host with IP address

192.54.24.5:

telnet deny hp22.cup.hp.com testlan 192.54.24.5

• To continue an entry on the next line, place a slash (/)

at the end

of the line

to be continued. The Internet daemon will ignore a

slash that appears in the middle of the line, continue reading to the

end, and ignore the next line. In this case, it will probably

misinterpret the entry and you will see an error message.

Using Wildcard Characters

You may use wildcard characters (*) in any of the ﬁelds of the address

to specify permissions for a group of hosts or networks. This makes it

more convenient to specify an entire network, since you will not need to

specify each host in that network. The following sample entry, for

example, allows all hosts with network addresses starting with a 10, as

well as the single host whose address is 192.54.24.5 to use Telnet:

telnet allow 10.* 192.54.24.5

You cannot use the wildcard character in combination with other

integers in one part of an address ﬁeld. For example, this entry in the

inetd security ﬁle will generate an error message because the second

ﬁeld includes a 5 followed by the * character:

tftp deny 10.5*

Either integers

the wildcard character is allowed in one part of an

address ﬁeld.