With TCP Wrappers on Unix/Linux, in which access control file would you allow all services for all hosts (for example, by placing 'ALL: ALL')?

Difficulty: Easy

Correct Answer: /etc/hosts.allow

Explanation:


Introduction / Context:
TCP Wrappers controls access to network services compiled against 'libwrap'. Two files govern decisions: '/etc/hosts.allow' and '/etc/hosts.deny'. Their content and evaluation order determine whether a connection is permitted or refused based on client host and requested daemon.


Given Data / Assumptions:

  • libwrap-enabled daemons are in use (for example, tcpd-managed services).
  • We want to allow rather than deny access.
  • Typical rule syntax 'daemon_list : client_list' is understood.


Concept / Approach:
When a connection arrives, TCP Wrappers first checks '/etc/hosts.allow'. If a rule matches, access is granted immediately. If not, it checks '/etc/hosts.deny'; if a rule matches, access is denied. If neither file matches, the default is to permit (unless configured otherwise). Therefore, to allow everyone, put a permissive rule like 'ALL: ALL' in '/etc/hosts.allow'.
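The decision order described above, as an added example that is not part of the original page: a simplified Python model of the allow, then deny, then default-permit sequence. It handles only a subset of hosts_access(5) client patterns (ALL, exact match, leading-dot domain suffix, trailing-dot address prefix); the function names, daemon names and sample file contents are constructed for illustration.

```python
import re

def parse_rules(text):
    """Parse 'daemon_list : client_list' lines into (daemons, clients) pairs."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]  # ignore any third (option) field
        rules.append((re.split(r"[,\s]+", daemons.strip()),
                      re.split(r"[,\s]+", clients.strip())))
    return rules

def client_matches(pattern, host, addr):
    """Simplified subset of the client patterns; not the full libwrap matcher."""
    if pattern == "ALL":
        return True
    if pattern.startswith("."):       # domain suffix, e.g. .example.com
        return host.endswith(pattern)
    if pattern.endswith("."):         # address prefix, e.g. 192.168.1.
        return addr.startswith(pattern)
    return pattern in (host, addr)    # exact host name or address

def any_rule_matches(rules, daemon, host, addr):
    return any(("ALL" in daemons or daemon in daemons)
               and any(client_matches(p, host, addr) for p in clients)
               for daemons, clients in rules)

def decide(allow_text, deny_text, daemon, host, addr):
    """Return the verdict and which step of the evaluation produced it."""
    if any_rule_matches(parse_rules(allow_text), daemon, host, addr):
        return "allow (hosts.allow)"
    if any_rule_matches(parse_rules(deny_text), daemon, host, addr):
        return "deny (hosts.deny)"
    return "allow (default)"

# Constructed sample file contents.
PERMISSIVE_ALLOW = "# allow everything\nALL: ALL\n"
NARROW_ALLOW = "sshd: 192.168.1. .example.com\n"
DENY_ALL = "ALL: ALL\n"

if __name__ == "__main__":
    client = ("host.other.test", "203.0.113.9")
    print(decide(PERMISSIVE_ALLOW, DENY_ALL, "sshd", *client))  # allow wins over deny
    print(decide(NARROW_ALLOW, DENY_ALL, "sshd", *client))      # falls through to deny
    print(decide(NARROW_ALLOW, "", "vsftpd", *client))          # neither file matches
```
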


Step-by-Step Solution:

  • Edit /etc/hosts.allow and add: ALL: ALL
  • Ensure /etc/hosts.deny does not contain conflicting denies that match first.
  • Reload or restart services if needed (many read files on each connection).
  • Test from a remote host to confirm access.


Verification / Alternative check:
Place a temporary restrictive rule in '/etc/hosts.deny' and verify that '/etc/hosts.allow' entries still override as documented. Use netcat or telnet to test connections from various clients.


Why Other Options Are Wrong:

  • /etc/hosts.deny: Holds deny rules, not allow rules, and is consulted only when no rule in '/etc/hosts.allow' matches.
  • /etc/hosts: Static host-to-IP mappings, unrelated to wrappers.
  • /etc/tcp.conf: Not a standard TCP Wrappers file.


Common Pitfalls:
Assuming evaluation order is deny-then-allow (it is allow first), or forgetting that some modern services no longer use TCP Wrappers and rely on native ACLs or firewalls.


Final Answer:
/etc/hosts.allow
