Deny a host access to all services
I want to deny a host access to all services running on my server. How can I do that? iptables?
With iptables, it's...
iptables -A INPUT -j REJECT -s x.x.x.x
You can also change REJECT to DROP if you just want to ignore them and not let them know that they're being rejected.
Re: Deny a host access to all services
Quote:
Personally, for security reasons, I have "all:all" in my /etc/hosts.deny file, to deny everyone access to everything, and then allow selective computers access to certain services depending on my needs. I let my parents' computer and all my University's computers have access to sshd, for instance, so I can use my computer from my parents' house and anywhere on campus. And of course, I have "all:127.0.0.1" in my /etc/hosts.allow file to allow total access to my system services from my own computer. I didn't do that when I first added "all:all" to my deny file, and had some problems.
Thanks for the iptables command. Do I have to run it every time I reboot?
The problem with /etc/hosts.deny is that it is only for INET-services...
Hi drj000,
Please kindly let me know the problems you faced before adding the line all:127.0.0.1 to /etc/hosts.allow. This is because I am about to do the same thing. Thanks.
Quote:
The result would be that any services that run on my computer that I had to access locally I wouldn't be able to do. For example, at that time, I was sending mail through sendmail as a regular SMTP server. In other words, I had my email program set up to use localhost (or 127.0.0.1) as my SMTP server, and consequently, I wasn't able to send mail. I had (and still do have) an Apache server, so I couldn't access it, even locally. Unless you have an unusual setup, I can't think of any way that adding that in could be damaging.
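The loopback lockout discussed in this thread follows from the order in which TCP Wrappers reads the two files: /etc/hosts.allow is consulted first, then /etc/hosts.deny, and a client that matches neither is granted access. The following is an added example, not code from any poster in the thread: a simplified Python model of that evaluation order (not libwrap itself), with hypothetical function names and constructed sample addresses, comparing the result before and after adding "all:127.0.0.1".

```python
# Added example: simplified model of TCP Wrappers (hosts_access) evaluation.
# Handles only "daemons : clients" with ALL, exact IPs, "a.b.c." prefixes, net/mask.
import ipaddress

DENY = "all:all\n"
ALLOW_BEFORE = "sshd: 203.0.113.10\n"            # constructed sample address
ALLOW_AFTER = ALLOW_BEFORE + "all:127.0.0.1\n"   # the line added in the thread

def parse_rules(text):
    """Return [(daemon_list, client_list), ...] from hosts.allow/hosts.deny text."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":", 2)[:2]   # ignore any option field
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, ip):
    p = pattern.lower()
    if p == "all":
        return True
    if p.endswith("."):                  # prefix form, e.g. "192.168.1."
        return ip.startswith(p)
    if "/" in p:                         # net/mask form, e.g. 10.0.0.0/255.0.0.0
        return ipaddress.ip_address(ip) in ipaddress.ip_network(p, strict=False)
    return p == ip

def matches(rules, daemon, ip):
    for daemons, clients in rules:
        if any(d.lower() in ("all", daemon.lower()) for d in daemons) \
                and any(client_matches(c, ip) for c in clients):
            return True
    return False

def access(allow_text, deny_text, daemon, ip):
    """hosts.allow first, then hosts.deny; a client matching neither is granted."""
    if matches(parse_rules(allow_text), daemon, ip):
        return "allow"
    if matches(parse_rules(deny_text), daemon, ip):
        return "deny"
    return "allow"

if __name__ == "__main__":
    for label, allow in (("before", ALLOW_BEFORE), ("after", ALLOW_AFTER)):
        for daemon, ip in (("sendmail", "127.0.0.1"), ("sshd", "198.51.100.7")):
            print(label, daemon, ip, access(allow, DENY, daemon, ip))
```

The model applies only to services that actually consult these files; anything else listening on the host is unaffected by either rule set.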