I want to deny a host access to all services running on my server. How can I do that? iptables?

with iptables, it's...

iptables -A INPUT -j REJECT -s x.x.x.x

you can also change REJECT to DROP if you just want to ignore them and not let them know that they're being rejected.

In your /etc/hosts.deny file, add "all:ip address of computer from which you want access blocked"
Personally, for security reasons, I have "all:all" in my /etc/hosts.deny file, to deny everyone access to everything, and then allow selective computers access to certain services depending on my needs. I let my parents computer, and all my University's computers have access to sshd, for instance, so I can use my computer from my parent's house, and anywhere on campus. And of course, I have "all:127.0.0.1" in my /etc/hosts.allow file to allow total access to my system services from my own computer. I didn't do that when I first added "all:all" to my deny file, and had some problems.

Thanks for the iptables command. Do I have to run it every time I reboot?

The problem with /etc/hosts.deny is that it only is for INET-services...

hi drj000,

pls kindly let me know the problems you faced before adding the line

all:127.0.0.1 to /etc/host.allow. this is becos i am about doing the same thing.

Thnaks.

That was a really long time ago, and I don't remember exactly. But as you see from my post, the problems I had was because I had "all:all" in my hosts.deny file, but didn't have all:127.0.0.1 in my hosts.allow file.
The result would be that any services that run on my computer that I had to access locally I wouldn't be able to do. For example, at that time, I was sending mail through sendmail as a regular SMTP server. In other words, I had my email program setup to use localhost (or 127.0.0.1) as my SMTP server, and consequently, I wasn't able to send mail.

I had (and still do have) an Apache server, so I couldn't access it, even locally.

Unless you have an unusual setup, I can't think of any way that adding that in could be damaging.