Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
TCPDMATCH(8)            OpenBSD System Manager's Manual           TCPDMATCH(8)

     tcpdmatch - tcp wrapper oracle

     tcpdmatch [-d] [-i inet_conf] daemon client

     tcpdmatch [-d] [-i inet_conf] daemon [@server] [user@] client

     tcpdmatch predicts how the tcp wrapper would handle a specific request
     for service.  Examples are given below.

     The program examines the tcpd(8) access control tables (default
     /etc/hosts.allow and /etc/hosts.deny) and prints its conclusion.  For
     maximal accuracy, it extracts additional information from your inetd(8)
     network configuration file.

     When tcpdmatch finds a match in the access control tables, it identifies
     the matched rule.  In addition, it displays the optional shell commands
     or options in a pretty-printed format; this makes it easier for you to
     spot any discrepancies between what you want and what the program under-

     The options are as follows:

     -d      Examine hosts.allow and hosts.deny files in the current directory
             instead of the default ones.

     -i inet_conf
             Specify this option when tcpdmatch is unable to find your
             inetd.conf network configuration file, or when you wish to test
             with a non-default one.

     The following two arguments are always required:

     daemon  A daemon process name.  Typically, the last component of a daemon
             executable pathname.
     client  A host name or network address, or one of the ``unknown'' or
             ``paranoid'' wildcard patterns.

     When a client host name is specified, tcpdmatch gives a prediction for
     each address listed for that client.

     When a client address is specified, tcpdmatch predicts what tcpd(8) would
     do when client name lookup fails.

     Optional information specified with the daemon@server form:

     server  A host name or network address, or one of the ``unknown'' or
             ``paranoid'' wildcard patterns.  The default server name is

     Optional information specified with the user@client form:

     user    A client user identifier.  Typically, a login name or a numeric
             user ID.  The default user name is ``unknown''.

     The default locations of the tcpd(8) access control tables are:

     /etc/hosts.allow  access control table (allow list)
     /etc/hosts.deny   access control table (deny list)

     To predict how tcpd(8) would handle a telnet request from the local sys-

           $ tcpdmatch telnetd localhost

     The same request, pretending that hostname lookup failed:

           $ tcpdmatch telnetd

     To predict what tcpd(8) would do when the client name does not match the
     client address:

           $ tcpdmatch telnetd paranoid

     hosts_access(5), hosts_options(5), inetd.conf(5), tcpdchk(8)

           Wietse Venema (,
           Department of Mathematics and Computing Science,
           Eindhoven University of Technology
           Den Dolech 2, P.O. Box 513,
           5600 MB Eindhoven, The Netherlands

OpenBSD 3.9                      June 23, 1997                               2


Want to link to this manual page? Use this URL:

home | help