TCPDMATCH(8)            OpenBSD System Manager's Manual           TCPDMATCH(8)

NAME
     tcpdmatch - tcp wrapper oracle



SYNOPSIS
     tcpdmatch [-d] [-i inet_conf] daemon client

     tcpdmatch [-d] [-i inet_conf] daemon [@server] [user@] client

DESCRIPTION
     tcpdmatch predicts how the tcp wrapper would handle a specific request
     for service.  Examples are given below.

     The program examines the tcpd(8) access control tables (default
     /etc/hosts.allow and /etc/hosts.deny) and prints its conclusion.  For
     maximal accuracy, it extracts additional information from your inetd(8)
     network configuration file.

     When tcpdmatch finds a match in the access control tables, it identifies
     the matched rule.  In addition, it displays the optional shell commands
     or options in a pretty-printed format; this makes it easier for you to
     spot any discrepancies between what you want and what the program under-
     stands.

ARGUMENTS
     The following two arguments are always required:

     daemon  A daemon process name. Typically, the last component of a daemon
             executable pathname.
     client  A host name or network address, or one of the `unknown' or `para-
             noid' wildcard patterns.

     When a client host name is specified, tcpdmatch gives a prediction for
     each address listed for that client.

     When a client address is specified, tcpdmatch predicts what tcpd(8) would
     do when client name lookup fails.

     Optional information specified with the daemon@server form:

     server  A host name or network address, or one of the `unknown' or `para-
             noid' wildcard patterns.  The default server name is `unknown'.

     Optional information specified with the user@client form:

     user    A client user identifier. Typically, a login name or a numeric
             userid.  The default user name is `unknown'.

OPTIONS
     -d            Examine hosts.allow and hosts.deny files in the current di-
                   rectory instead of the default ones.

     -i inet_conf  Specify this option when tcpdmatch is unable to find your
                   inetd.conf network configuration file, or when you wish to
                   test with a non-default one.

EXAMPLES
     To predict how tcpd(8) would handle a telnet request from the local sys-
     tem:

           tcpdmatch telnetd localhost

     The same request, pretending that hostname lookup failed:


           tcpdmatch telnetd 127.0.0.1

     To predict what tcpd(8) would do when the client name does not match the
     client address:

           tcpdmatch telnetd paranoid

FILES
     The default locations of the tcpd(8) access control tables are:

     /etc/hosts.allow  Access control table (allow list)
     /etc/hosts.deny   Access control table (deny list)

SEE ALSO
     hosts_access(5),  hosts_options(5),  inetd.conf(5),  tcpdchk(8).

AUTHOR
           Wietse Venema (wietse@wzv.win.tue.nl),
           Department of Mathematics and Computing Science,
           Eindhoven University of Technology
           Den Dolech 2, P.O. Box 513,
           5600 MB Eindhoven, The Netherlands


OpenBSD 2.3                      June 23, 1997                               2