Hello there,

I have written entries to /etc/hosts.allow and /etc/hosts.deny files to limit an access to our machine as suggested in the stickies of this forum.

In general, due the purpose of our server, I am unable to first deny all and then allow just certain hosts. I have anyway defined a few hosts that should never be accessing our box. Therefore the hosts.deny looks like this:
hosts.allow has just a few lines defining certain IPs that I want never to be denied (my own computer etc).

Anyway, from the latest LogWatch I can pick rows like them:

First I tought that hosts.deny doesn't work at all. Anyway, I added a known complete host name to the file and then tried to access the server via that host - the connection was refused successfully. So, the hosts.deny works, on some level.

Why everything listed in hosts.deny are not blocked?

Thanks for your kind help =)

Ville

Maybe putting wildcards in front of the domain extensions would work..

Ex:

sshd: *.cn, *.cn.net, *.cn.com, *.jp, *.jp.com, *.pl, *.com, *.ar, *.tw
sshd: UNKNOWN

I will try that. According to the patterns section in the man page, "A string that begins with a `.' character. A host name is matched if the last components of its name match the specified pattern. For example, the pattern `.tue.nl' matches the host name `wzv.win.tue.nl'.". So it should work without wildcards too.

Well, I will try with the wildcards and report you the results.

Thanks!

Ville

make sure SSHD is using tcpwrappers. If it's not, hosts.deny doesn't do anything.

Thanks Matir,

As I said in my first post, I added a known host to the hosts.deny and tried to access from that host the machine via ssh. The blocking worked without any problems. In a similar way when I added a domain (with and without wildcards) and tried to access from a machine under the domain, the connection was blocked.

So, in basics hosts.deny works fine. Just some connections do not match the hosts.deny settings even they should.

Ville