Old 03-31-2004, 08:58 PM   #1
LQ Newbie
Registered: Mar 2004
Posts: 3

Rep: Reputation: 0
deny.hosts does not work in blocking anything

Hi All,

I'm running Fedora Red Hat and I'm trying to test my hosts.deny file.

I've opened up a connection on port 143 with this command for netcat:

nc -p 143 -l

This creates a pseudo server that I then try to connect to from a remote host.

Now I have set hosts.deny to --> ALL : ALL

and hosts.allow to --> ALL: LOCAL

However, every time I try to connect to port 143 it lets me log in when it should be denying me access?

I thought Fedora would have support for hosts.deny even on a basic install? What is wrong here?
Old 04-06-2004, 03:37 AM   #2
Senior Member
Registered: Dec 2000
Location: Gothenburg, SWEDEN
Distribution: OpenSUSE 10.3
Posts: 1,028

Rep: Reputation: 45
The hosts.allow and hosts.deny files are part of the tcpwrappers system.
To be able to use this kind of control, the server needs to be compiled with tcpwrapper support.
Some server functions are ready to run with tcpwrappers, while others need to be recompiled, or you just replace the command line that runs the server, usually in /etc/xinetd.conf or /etc/xinetd.d/
Old 04-06-2004, 05:15 AM   #3
Registered: Jan 2004
Posts: 409

Rep: Reputation: 30
What about sendmail?
Old 04-06-2004, 08:00 AM   #4
Senior Member
Registered: Dec 2000
Location: Gothenburg, SWEDEN
Distribution: OpenSUSE 10.3
Posts: 1,028

Rep: Reputation: 45
Scissored out from
All servers cannot be protected by tcpd due to the specific details of the network protocols and the different services:

* tcpd is designed to be started with each new connection in order to log the connections. Servers such as sendmail that have a high overhead are typically started once to reduce startup overhead; therefore they are not easily managed by tcpd which only logs the first connection.
* tcpd can only protect servers that use TCP (transmission control protocol) and UDP (user datagram protocol).
* Some servers use both TCP and RPC (remote procedure call) protocols. These cannot be protected by tcp wrapper. These servers specify the protocols as rpc/tcp in the third field of inetd.conf (4).
* Only servers that operate on one connection at a time can be protected. (Note that there may be multiple instances of such server processes at any given time, but each instance is only activated for exactly one connection and terminates upon completion. This is different from having one instance handle multiple incoming connections.) Other servers stay active after finishing the initiating connection waiting for other connection requests. Such servers can be recognized by the flag "wait" in the fourth field of inetd.conf.
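The inetd.conf rules quoted in post #4, applied as a check (an added example, not part of the thread): it reads inetd.conf-style lines and reports which services tcpd, and therefore hosts.allow and hosts.deny, can filter. The sample file is constructed, the function names are hypothetical, and treating every `rpc/` protocol like `rpc/tcp` is an assumption.

```shell
#!/bin/sh
# Added example: classify inetd.conf entries by whether tcpd can filter them.
# Field layout: service socket_type protocol wait_flag user server_path args...

classify_inetd() {
    awk '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        NF < 6 { print $1, "malformed"; next }
        {
            n = split($6, parts, "/")            # basename of the server program
            prog = parts[n]
            # Assumption: any rpc/ protocol is handled like rpc/tcp in post #4.
            if (index($3, "rpc/") == 1)  verdict = "unprotectable-rpc"
            else if ($4 ~ /^wait/)       verdict = "unprotectable-wait"
            else if (prog == "tcpd")     verdict = "wrapped"
            else                         verdict = "not-wrapped"
            print $1, verdict
        }'
}

# Constructed sample, not taken from any real host.
sample_inetd_conf() {
    cat <<'EOF'
# service  type    proto    flag    user  server               args
imap       stream  tcp      nowait  root  /usr/sbin/tcpd       imapd
telnet     stream  tcp      nowait  root  /usr/sbin/in.telnetd in.telnetd
tftp       dgram   udp      wait    root  /usr/sbin/tcpd       in.tftpd
rstatd/1-3 dgram   rpc/udp  wait    root  /usr/sbin/rpc.rstatd rpc.rstatd
EOF
}

# Services that hosts.allow / hosts.deny will not affect as configured.
unfiltered_services() {
    classify_inetd | awk '$2 != "wrapped" { print $1 }'
}

sample_inetd_conf | classify_inetd
```

A listener started by hand, outside inetd, never appears in this file, so the check has nothing to say about it.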
Old 04-06-2004, 09:45 AM   #5
Senior Member
Registered: Nov 2002
Location: pikes peak
Distribution: Slackware, LFS
Posts: 2,577

Rep: Reputation: 48
Now I have set hosts.deny to --> ALL : ALL
try this......



All times are GMT -5.
