hosts.deny question

egarnel · 09-15-2003, 09:16 AM

This may seem like a silly question....

I know I can block at the domain level in hosts.deny

ALL: aol.com
ALL: evilhacker.net

but can I block a root level domain such as .cn, .za.... etc?

I don't see why not, but I can't seem to find any info to validate it.

druuna · 09-15-2003, 09:44 AM

This will help: man 5 hosts_access

But to give you the short answer: yes you can.

stickman · 09-15-2003, 03:30 PM

You may want to consider putting "ALL:ALL" in your hosts.deny. If you read the man page for hosts.allow and hosts.deny, it say that if there is no match in either file then access is granted. For example, if you explicitly allow domain_a and explicitly deny domain_b, then domain_c is granted access. Using "ALL:ALL" is the catchall for what you do not explicitly allow.