Default variable details¶
debops.tcpwrappers default variables have more extensive
configuration than simple strings or lists, here you can find documentation and
examples for them.
This is a list of
/etc/hosts.allow entries defined as YAML dictionaries.
Each entry will be stored in
/etc/hosts.allow.d/ directory in a separate
file. The configuration roughly follows the conventions described in the
hosts_options(5) man pages. The list of known
- Required. Name or list of names of the daemons which should be configured, the first entry will be used in th filename if a custom one is not specified.
Optional. String or list of IP addresses, CIDR subnets, domain names and other "clients" that should be allowed (by default) to connect to a given service. If not specified, the access will be granted for all hosts, unless it's disabled by
IPv6 addresses should be specified "as is", they will be automatically converted to square bracket notation.
- Optional. String or list of additional options for a particular entry. This
will be added after list of clients. The colons (
:) inside the options are automatically escaped by a backslash. See
hosts_options(5)man page for possible values.
- Optional. A YAML text block with raw configuration in
- Optional. Two-digit number prefix added to the entry filename, to allow
easier sorting of files in
- Optional. Custom name of the file stored in
/etc/hosts.allow.d/. If not specified, a name will be generated based on the value of
- Optional. A comment added to the given entry to explain its purpose.
- Optional, boolean. If not specified or
True, without a specific client list the service that is being configured will acceppt connections from all hosts (
ALL). If specified and
False, connections won't be allowed unless a list of clients is specified and not empty.
- Optional. Either
absent. If specified and
absent, the configuration file will be removed from
/etc/hosts.allow.d/directory, otherwise it will be created.
Allow connection from anywhere to
tcpwrappers__allow: - daemon: 'sshd'
Restrict access to
vsftpd daemon to a set of parituclar subnets (IPv6
addresses are wrapped in square brackets automatically):
tcpwrappers__allow: - daemon: [ 'vsftpd' ] client: [ '192.0.2.0/24', '2001:db8::/32' ] accept_any: False