17.2.2. Option Fields
In addition to basic rules allowing and denying access, the Red Hat Enterprise Linux implementation of TCP wrappers supports extensions to the access control language through option fields. By using option fields within hosts access rules, administrators can accomplish a variety of tasks such as altering log behavior, consolidating access control, and launching shell commands.
Option fields let administrators easily change the log facility and priority level for a rule by using the
In the following example, connections to the SSH daemon from any host in the
example.comdomain are logged to the default
syslogfacility (because no facility value is specified) with a priority of
sshd : .example.com : severity emerg
It is also possible to specify a facility using the
severityoption. The following example logs any SSH connection attempts by hosts from the
example.comdomain to the
local0facility with a priority of
sshd : .example.com : severity local0.alert
In practice, this example does not work until the syslog daemon (
syslogd) is configured to log to the
local0facility. Refer to the
syslog.confman page for information about configuring custom log facilities.