James Pearson wrote:
>
> I'm attempting to port an existing xinetd service from CentOS 6 to
> something equivalent with systemd for CentOS 7
>
> The existing xinetd config uses the attributes 'only_from' to limit
> connections from a limited set of remote hosts and 'banner_fail' to
> print a suitable error message when access is denied
>
> However, I can't find suitable 'equivalents' with systemd socket/service
> files on CentOS 7
>
> It appears later versions of systemd supports the option IPAddressAllow=
> (which is what I think I need ?)
>
> Does anyone know how to limit the remote hosts that can connect to a
> port with CentOS 7's systemd ?
>
> Also, how to implement the equivalent of 'banner_fail' ? (not absolutely
> required, but nice to have)
I managed to do what is needed by creating a simple ExecStartPre script
that checks if the $REMOTE_ADDR env var is in a list of my 'only_from'
IP addresses - and exits with zero if it is or exits with non-zero if not
The non-zero status from the ExecStartPre script causes the whole
service instance to fail
The ExecStartPre script also writes my 'banner_fail' message to stdout
when it fails - which is what I want
James Pearson
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
