I have written entries to /etc/hosts.allow and /etc/hosts.deny files to limit an access to our machine as suggested in the stickies of this forum.
In general, due the purpose of our server, I am unable to first deny all and then allow just certain hosts. I have anyway defined a few hosts that should never be accessing our box. Therefore the hosts.deny
looks like this:
sshd: .cn, .cn.net, .cn.com, .jp, .jp.com, .pl, .com, .ar, .tw
hosts.allow has just a few lines defining certain IPs that I want never to be denied (my own computer etc).
Anyway, from the latest LogWatch I can pick rows like them:
Unknown Account: 9 Time(s)
nobody (es106.internetdsl.tpnet.pl ): 1 Time(s)
unknown (ool-44c69595.dyn.optonline.net ): 9 Time(s)
First I tought that hosts.deny doesn't work at all. Anyway, I added a known complete host name to the file and then tried to access the server via that host - the connection was refused successfully. So, the hosts.deny works, on some level.
Why everything listed in hosts.deny are not blocked?
Thanks for your kind help =)