LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 05-13-2006, 06:30 AM   #1
gr00ve
Member
 
Registered: Jan 2004
Location: varies
Distribution: Blag, Slackware
Posts: 36

Rep: Reputation: 15
hosts_deny


please help me out (it should be simple)

if i don;t want somebody to connect to the service (service checks with xinetd to see who is allowed) i'd normally put this person in hosts_deny which is ok, so it would look like:

111.111.111.0/24:

thus blocking 111.111.111.0-255 connections.

however if i'd be to try to block a range of 111.111.111.0 - 111.111.222.0
what kind of entry would i need to put in hosts_deny ?


txs!

PS Also is there same possibility to block ipranges with PAM or PAM also somehow talks to XINETD ?
 
Old 05-13-2006, 09:29 AM   #2
camorri
LQ 5k Club
 
Registered: Nov 2002
Location: Somewhere inside 9.9 million sq. km. Canada
Distribution: Slackware 15.0, current, slackware-arm-currnet
Posts: 6,209

Rep: Reputation: 845Reputation: 845Reputation: 845Reputation: 845Reputation: 845Reputation: 845Reputation: 845
The approach I used was simple enough. In the hosts.deny file I put an entry of

ALL:ALL

which shuts out the world. Then in the hosts allow file I have entries for the hosts I want to connect.

As I understand it, the deny file is processed, and overridden by the hosts.allow file. It is much easier to keep track of who should get in rather than who shluld not.

Hope this helps.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 12:49 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration