tcpdchk

tcpdchk [-a] [-d] [-i inet_address] [-v]

-a
    Display all access control rules.

-d
    Enable debugging mode. Provides more verbose output.

-i inet_address
    Simulate connection attempts from the specified inet_address.

-v
    Enable verbose mode. Provides more detailed information about the analysis.

tcpdchk analyzes your TCP Wrappers configuration, primarily /etc/hosts.allow and /etc/hosts.deny, to identify potential problems.

It searches for inconsistencies such as rules that may be shadowed by earlier rules, syntax errors, and potential misconfigurations that could allow or deny connections in ways you might not expect.

tcpdchk is a valuable tool for ensuring your TCP Wrappers rules are behaving as intended, enhancing the security of your system by preventing unintended access or denials. It aims to assist in hardening the server by preventing basic misconfiguration errors.

It is especially useful to check the configuration after modifications, especially after using editors which might introduce syntax errors.

tcpdchk can't catch every possible error, especially those related to complex logic within your rules. It is recommended to review and test changes to hosts.allow and hosts.deny regardless of tcpdchk's output.

The tcpdchk command exits with a status of 0 on success and a non-zero value on failure, usually indicating an error was found.

tcpdchk is part of the TCP Wrappers suite, originally developed by Wietse Venema at Eindhoven University of Technology in the early 1990s.

TCP Wrappers quickly became a standard tool for basic network access control on Unix-like systems. The primary goal was to provide a simple and effective way to filter incoming network connections based on the client's IP address or hostname.

tcpd(8), hosts.allow(5), hosts.deny(5)