42.5. TCP Wrappers and xinetd

Controlling access to network services is one of the most important security tasks facing a server administrator. Red Hat Enterprise Linux provides several tools for this purpose. For example, an iptables-based firewall filters out unwelcome network packets within the kernel's network stack. For network services that utilize it, TCP Wrappers add an additional layer of protection by defining which hosts are or are not allowed to connect to "wrapped" network services. One such wrapped network service is the xinetd super server. This service is called a super server because it controls connections to a subset of network services and further refines access control.

Figure 42.9, “Access Control to Network Services” is a basic illustration of how these tools work together to protect network services.

[Figure: Access Control to Network Services flowchart]

Figure 42.9. Access Control to Network Services

This chapter focuses on the role of TCP Wrappers and xinetd in controlling access to network services and reviews how these tools can be used to enhance both logging and utilization management. Refer to Section 42.9, “IPTables” for information about using firewalls with iptables.