TCP Wrapper
Developer(s) Wietse Venema
Stable release 7.6
Operating system Unix-like
Type Security
License BSD license
Website [1]

TCP Wrapper is a host-based networking ACL system, used to filter network access to Internet Protocol servers on (Unix-like) operating systems such as Linux or BSD. It allows host or subnetwork IP addresses, names and/or ident query replies, to be used as tokens on which to filter for access control purposes.

The original code was written by Dutchman Wietse Venema in 1990 to monitor a cracker's activities on the Unix workstations at the Dept. of Math and Computer Science at the Eindhoven University of Technology.[1] He maintained it until 1995, and on June 1, 2001, released it under its own BSD-style license.

The tarball includes a library named libwrap that implements the actual functionality. Initially, only services that were spawned for each connection from a super-server (such as inetd) got wrapped, utilizing the tcpd program. However most common network service daemons today can be linked against libwrap directly. This is used by daemons that operate without being spawned from a super-server, or when a single process handles multiple connections. Otherwise, only the first connection attempt would get checked against its ACLs.

When compared to host access control directives often found in daemons' configuration files, TCP Wrappers have the benefit of runtime ACL reconfiguration (i.e., services don't have to be reloaded or restarted) and a generic approach to network administration.

This makes it easy to use for anti-Worm scripts, such as DenyHosts or Fail2ban, to add and expire client-blocking rules, when excessive connections and/or many failed login attempts are encountered.

While originally written to protect TCP and UDP accepting services, examples of usage to filter on certain ICMP packets exist too, such as 'pingd' – the userspace ping request responder.[2]

1999 Trojan

In January 1999, the distribution package at Eindhoven University of Technology (the primary distribution site until that day) was replaced by a modified version. The replacement contained a trojaned version of the software that would allow the intruder access to any server that it was installed on. The author spotted this within hours, upon which he relocated the primary distribution to his personal site.[3][4][5][6]

See also

Free software portal


  • Lee Brotzman: Linuxjournal article 1997-08-01

External links

  • Softpanorama TCP Wrappers Information
  • A laymans guide to TCP Wrappers and its history
  • Howto on tcp wrapper
This article was sourced from Creative Commons Attribution-ShareAlike License; additional terms may apply. World Heritage Encyclopedia content is assembled from numerous content providers, Open Access Publishing, and in compliance with The Fair Access to Science and Technology Research Act (FASTR), Wikimedia Foundation, Inc., Public Library of Science, The Encyclopedia of Life, Open Book Publishers (OBP), PubMed, U.S. National Library of Medicine, National Center for Biotechnology Information, U.S. National Library of Medicine, National Institutes of Health (NIH), U.S. Department of Health & Human Services, and, which sources content from all federal, state, local, tribal, and territorial government publication portals (.gov, .mil, .edu). Funding for and content contributors is made possible from the U.S. Congress, E-Government Act of 2002.
Crowd sourced content that is contributed to World Heritage Encyclopedia is peer reviewed and edited by our editorial staff to ensure quality scholarly research articles.
By using this site, you agree to the Terms of Use and Privacy Policy. World Heritage Encyclopedia™ is a registered trademark of the World Public Library Association, a non-profit organization.