systemd equivalent of xinetd 'only_from' and 'banner_fail' attributes

I'm attempting to port an existing xinetd service from CentOS 6 to
something equivalent with systemd for CentOS 7

The existing xinetd config uses the attributes 'only_from' to limit
connections from a limited set of remote hosts and 'banner_fail' to
print a suitable error message when access is denied

However, I can't find suitable 'equivalents' with systemd socket/service
files on CentOS 7

It appears later versions of systemd supports the option IPAddressAllow=
(which is what I think I need ?)

Does anyone know how to limit the remote hosts that can connect to a
port with CentOS 7's systemd ?

Also, how to implement the equivalent of 'banner_fail' ? (not absolutely
required, but nice to have)


James Pearson


Re: systemd equivalent of xinetd 'only_from' and 'banne

By James Pearson at 08/08/2018 - 07:59

James Pearson wrote:
I managed to do what is needed by creating a simple ExecStartPre script
that checks if the $REMOTE_ADDR env var is in a list of my 'only_from'
IP addresses - and exits with zero if it is or exits with non-zero if not

The non-zero status from the ExecStartPre script causes the whole
service instance to fail

The ExecStartPre script also writes my 'banner_fail' message to stdout
when it fails - which is what I want

James Pearson

Re: systemd equivalent of xinetd 'only_from' and 'banne

By Peter Kjellstrom at 08/08/2018 - 09:15

On Wed, 8 Aug 2018 12:59:09 +0000

Thanks for taking time to tell us about the solution.