[CentOS] systemd equivalent of xinetd 'only_from' and 'banner_fail' attributes

Wed Aug 8 14:15:39 UTC 2018
Peter Kjellström <cap at nsc.liu.se>

On Wed, 8 Aug 2018 12:59:09 +0000
James Pearson <james-p at moving-picture.com> wrote:

> James Pearson wrote:
> > 
> > I'm attempting to port an existing xinetd service from CentOS 6 to
> > something equivalent with systemd for CentOS 7
> > 
> > The existing xinetd config uses the attributes 'only_from' to limit
> > connections from a limited set of remote hosts and 'banner_fail' to
> > print a suitable error message when access is denied
> > 
> > However, I can't find suitable 'equivalents' with systemd
> > socket/service files on CentOS 7
> > 
> > It appears later versions of systemd support the option
> > IPAddressAllow= (which is what I think I need?)
> > 
> > Does anyone know how to limit the remote hosts that can connect to a
> > port with CentOS 7's systemd?
> > 
> > Also, how to implement the equivalent of 'banner_fail'? (not
> > absolutely required, but nice to have)
> 
> I managed to do what is needed by creating a simple ExecStartPre
> script that checks if the $REMOTE_ADDR env var is in a list of my
> 'only_from' IP addresses - and exits with zero if it is or exits with
> non-zero if not
> 
> The non-zero status from the ExecStartPre script causes the whole 
> service instance to fail
> 
> The ExecStartPre script also writes my 'banner_fail' message to
> stdout when it fails - which is what I want

Thanks for taking time to tell us about the solution.

/Peter
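
An added sketch of the kind of ExecStartPre check James describes, not his actual script and not code from the thread: it compares $REMOTE_ADDR against an allow-list given as arguments, prints a 'banner_fail' message on stdout and exits non-zero on a mismatch. The script path, the banner text, the example addresses and the handling of the IPv4-mapped form are assumptions; matching is exact string comparison only (no netmasks or hostnames, unlike xinetd's only_from).

```shell
#!/bin/sh
# Added example, not the poster's script. Intended use (hypothetical path):
#   ExecStartPre=/usr/local/sbin/only-from.sh 192.0.2.10 192.0.2.25
# in a per-connection service instance where $REMOTE_ADDR is set.

BANNER_FAIL="Access denied: your address is not permitted to use this service."

# is_allowed ADDR ALLOWED...
# Returns 0 only on an exact string match against one allow-list entry.
# An empty or malformed ADDR, or an empty list, is denied (fail closed).
is_allowed() {
    addr=${1:-}
    [ "$#" -gt 0 ] && shift
    # Assumption: tolerate the IPv4-mapped IPv6 form (::ffff:a.b.c.d).
    addr=${addr#::ffff:}
    case $addr in
        ''|*[!0-9A-Fa-f.:]*) return 1 ;;   # only address characters accepted
    esac
    for allowed in "$@"; do
        [ "$addr" = "$allowed" ] && return 0
    done
    return 1
}

# enforce ADDR ALLOWED...
# Prints the banner on stdout and returns 1 when ADDR is not allowed.
enforce() {
    if is_allowed "$@"; then
        return 0
    fi
    printf '%s\n' "$BANNER_FAIL"
    return 1
}

# Run the check only when an allow-list is given on the command line, so the
# file can also be sourced or tested without side effects.
if [ "$#" -gt 0 ]; then
    enforce "${REMOTE_ADDR:-}" "$@" || exit 1
fi
```

An unset REMOTE_ADDR is treated as a denial, so a unit that does not provide the variable fails closed instead of admitting every client.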