LinuxQuestions.org


gr00ve 05-13-2006 06:30 AM

hosts_deny
 
Please help me out (it should be simple).

If I don't want somebody to connect to the service (the service checks with xinetd to see who is allowed), I'd normally put this person in hosts_deny, which is OK, so it would look like:

111.111.111.0/24:

thus blocking 111.111.111.0-255 connections.

However, if I were to try to block a range of 111.111.111.0 - 111.111.222.0,
what kind of entry would I need to put in hosts_deny?


txs!

PS: Also, is there the same possibility to block IP ranges with PAM, or does PAM also somehow talk to xinetd?

camorri 05-13-2006 09:29 AM

The approach I used was simple enough. In the hosts.deny file I put an entry of

ALL:ALL

which shuts out the world. Then in the hosts.allow file I have entries for the hosts I want to connect.

As I understand it, the deny file is processed, and overridden by the hosts.allow file. It is much easier to keep track of who should get in rather than who should not.

Hope this helps.
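
For the range asked about in the first post, an added example (not part of either post): TCP wrappers has no start-end range syntax, so a range has to be written as a set of `net/mask` patterns, the form documented in hosts_access(5). The function names and the `ALL` daemon list are assumptions made for this sketch.

```python
import ipaddress


def range_to_hosts_deny(first, last, daemons="ALL"):
    """Return hosts.deny lines that together cover first..last inclusive."""
    start, end = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    if start > end:
        raise ValueError("first address must not be above last address")
    lines = []
    # summarize_address_range yields the minimal list of aligned networks.
    for net in ipaddress.summarize_address_range(start, end):
        if net.prefixlen == 32:
            pattern = str(net.network_address)  # single host, no mask needed
        else:
            pattern = f"{net.network_address}/{net.netmask}"
        lines.append(f"{daemons}: {pattern}")
    return lines


def is_denied(address, lines):
    """Check an address against the generated lines using the net/mask rule:
    a client matches when (address AND mask) equals net."""
    addr = int(ipaddress.IPv4Address(address))
    for line in lines:
        pattern = line.split(":", 1)[1].strip()
        net, _, mask = pattern.partition("/")
        net_i = int(ipaddress.IPv4Address(net))
        mask_i = int(ipaddress.IPv4Address(mask)) if mask else 0xFFFFFFFF
        if addr & mask_i == net_i:
            return True
    return False


if __name__ == "__main__":
    # The range from the question; the output is ready to paste into hosts.deny.
    rules = range_to_hosts_deny("111.111.111.0", "111.111.222.0")
    print("\n".join(rules))
    # Boundary checks: one address below, both ends, one address above.
    for probe in ("111.111.110.255", "111.111.111.0",
                  "111.111.222.0", "111.111.222.1"):
        print(probe, "denied" if is_denied(probe, rules) else "not matched")
```

The range needs eight entries because it does not start or end on a single aligned network boundary.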


All times are GMT -5.