LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 12-19-2004, 06:56 PM   #1
objorkum
Member
 
Registered: Aug 2003
Location: Norway
Distribution: Slackware 10.0
Posts: 231

Rep: Reputation: 30
Deny a host access to all services


I want to deny a host access to all services running on my server. How can I do that? iptables?
 
Old 12-19-2004, 07:12 PM   #2
niknah
Member
 
Registered: Dec 2002
Location: In front of a computer
Distribution: UPS, DHL, FedEx
Posts: 466

Rep: Reputation: 38
with iptables, it's...

iptables -A INPUT -j REJECT -s x.x.x.x

you can also change REJECT to DROP if you just want to ignore them and not let them know that they're being rejected.
 
Old 12-19-2004, 09:19 PM   #3
drj000
Member
 
Registered: Sep 2004
Location: Houston, TX
Distribution: Fedora
Posts: 259

Rep: Reputation: 33
Re: Deny a host access to all services

Quote:
Originally posted by objorkum
I want to deny a host access to all services running on my server. How can I do that? iptables?
In your /etc/hosts.deny file, add "all:ip address of computer from which you want access blocked"
Personally, for security reasons, I have "all:all" in my /etc/hosts.deny file, to deny everyone access to everything, and then allow selective computers access to certain services depending on my needs. I let my parents computer, and all my University's computers have access to sshd, for instance, so I can use my computer from my parent's house, and anywhere on campus. And of course, I have "all:127.0.0.1" in my /etc/hosts.allow file to allow total access to my system services from my own computer. I didn't do that when I first added "all:all" to my deny file, and had some problems.
 
Old 12-20-2004, 02:53 PM   #4
objorkum
Member
 
Registered: Aug 2003
Location: Norway
Distribution: Slackware 10.0
Posts: 231

Original Poster
Rep: Reputation: 30
Thanks for the iptables command. Do I have to run it every time I reboot?

The problem with /etc/hosts.deny is that it only is for INET-services...
 
Old 08-17-2007, 12:32 PM   #5
yawe_frek
Member
 
Registered: Sep 2005
Distribution: feather 0.72-usb, DSL,CentOS,Ubuntu, Redhat 9
Posts: 144

Rep: Reputation: 15
hi drj000,

pls kindly let me know the problems you faced before adding the line

all:127.0.0.1 to /etc/host.allow. this is becos i am about doing the same thing.

Thnaks.
 
Old 08-17-2007, 02:54 PM   #6
drj000
Member
 
Registered: Sep 2004
Location: Houston, TX
Distribution: Fedora
Posts: 259

Rep: Reputation: 33
Quote:
Originally Posted by yawe_frek View Post
hi drj000,

pls kindly let me know the problems you faced before adding the line

all:127.0.0.1 to /etc/host.allow. this is becos i am about doing the same thing.

Thnaks.
That was a really long time ago, and I don't remember exactly. But as you see from my post, the problems I had was because I had "all:all" in my hosts.deny file, but didn't have all:127.0.0.1 in my hosts.allow file.
The result would be that any services that run on my computer that I had to access locally I wouldn't be able to do. For example, at that time, I was sending mail through sendmail as a regular SMTP server. In other words, I had my email program setup to use localhost (or 127.0.0.1) as my SMTP server, and consequently, I wasn't able to send mail.

I had (and still do have) an Apache server, so I couldn't access it, even locally.

Unless you have an unusual setup, I can't think of any way that adding that in could be damaging.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
How to setup a host.deny and host.allow for SSH? explorer1979 Linux - Security 2 01-31-2005 05:28 PM
Host in hosts.deny able to access HTTP service mikebalcos Linux - Networking 1 08-12-2004 09:40 AM
Quick quide to host.allow / deny? dtournas Linux - General 2 06-19-2004 06:17 AM
How do I deny host? Inexactitude Linux - Security 3 02-22-2004 02:00 PM
host.deny is very wierd ForumKid Linux - Security 1 12-26-2001 06:09 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 10:01 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration