Quote:
Originally Posted by redleg7
Using /etc/hosts.allow and /etc/hosts.deny, is there a way to allow vsftd connections but block sshd connections? I have tried the following, but this blocks both sshd and vsftp:
/etc/hosts.allow: vsftd : ALL
/etc/hosts.deny: sshd: ALL
I think that vsftpd and sshd both use the same port, and that is why this does not work. Am I correct, or is there some other explanation?
They don't use the same port - FTP is 21 and SSH is 22. Regardless, it is my understanding that TCP wrappers uses service process names for identification - not port numbers. Granted, I don't use TCP wrappers (I use iptables instead), so I could be mistaken about that.
That said, why do you need a rule for vsftpd in your hosts.allow file in the first place? If what you posted is all you have in those files then you don't need anything in hosts.allow, as TCP wrappers will allow access to services by default. hosts.allow is mostly useful for exceptions to what you have in hosts.deny.
AFAICT none of this explains the symptoms you describe, though - unless there's something you aren't telling us. For example, if the misspelled daemon name you posted is what is actually in the hosts.allow file, and there is an "ALL: ALL" in the hosts.deny file, then access to vsftpd would be denied (since no match would occur in hosts.allow, while "ALL: ALL" would match in hosts.deny).
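
The decision order discussed in this reply, modelled as an added example that is not part of the original thread: hosts.allow is checked first, then hosts.deny, and access is granted if neither matches. It is a simplified model that handles only exact daemon or client names and the ALL wildcard; the function names and the client address 192.0.2.10 are constructed for illustration.

```python
# Simplified model of the TCP wrappers decision order (added example).
# Only exact names and the ALL wildcard are supported; real hosts_access
# rules allow more pattern types, which are left out here.

def parse_rules(text):
    """Parse 'daemon_list : client_list' lines into (daemons, clients) pairs."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def matches(rules, daemon, client):
    """True if any rule names this daemon (or ALL) and this client (or ALL)."""
    for daemons, clients in rules:
        if (any(d in ("ALL", daemon) for d in daemons)
                and any(c in ("ALL", client) for c in clients)):
            return True
    return False

def decide(allow_text, deny_text, daemon, client):
    """hosts.allow first, then hosts.deny, otherwise granted by default."""
    if matches(parse_rules(allow_text), daemon, client):
        return "granted (hosts.allow)"
    if matches(parse_rules(deny_text), daemon, client):
        return "denied (hosts.deny)"
    return "granted (default)"

# Rules exactly as posted in the question, including the "vsftd" spelling.
POSTED_ALLOW = "vsftd : ALL"
POSTED_DENY = "sshd: ALL"
CLIENT = "192.0.2.10"  # constructed sample client address

if __name__ == "__main__":
    cases = [
        ("as posted", POSTED_ALLOW, POSTED_DENY),
        ("misspelled allow + ALL: ALL deny", POSTED_ALLOW, "ALL: ALL"),
        ("correct allow + ALL: ALL deny", "vsftpd : ALL", "ALL: ALL"),
    ]
    for label, allow, deny in cases:
        for daemon in ("vsftpd", "sshd"):
            print(f"{label:35} {daemon:7} {decide(allow, deny, daemon, CLIENT)}")
```
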