Hi all,
I'm running a sparc 100 with Sun Solaris version 9. I also have apache and ssh running in the background. I would like to know how to deny all the access to my server from all DNS except for a couples ip which I want to give access to. I have created 2 files
"hosts.deny (ALL: ALL)" AND "hosts.allow (All: LOCAL 10.0.0.0/255.255.255.0) "
But It doesn't block any ip coming from apache or ssh at all. what do I need to configure for this works ?

many thanks

The hosts.allow, hosts.deny method work only for the services that run through inetd (using tcp wrappers). So either you use inetd to start the 2 services, or use iptables to control the access to them. For apache you can also use .htaccess to control who can access it.

Regards

iptables isn't available on Solaris 9 or in 10+, for at least licensing issues.

If you go the firewall way, Solaris 9 includes SunScreen.

iptables is based on linux kernel, that's why is not available on Solaris. On Solaris you can use ipfilter instead.

Regards

Apache and SSH can be compiled to be tcpwrapper aware (and are typically compiled that way, at least on other platforms...). I've never tried to implement tcpwrappers on Solaris.

Do you use openssh? The config file may be in a different location than /etc/ssh/sshd_config if you use a commercial version of ssh. Ssh might be compiled with tcp-wrappers so you can use the config file to control access.

Look at the AllowUsers entry. It will deny all other users.

Also read the allow.hosts manpage. You said that you only want to allow access from two hosts to apache and ssh, but your config allows all hosts on the 10/8 network access to all services. I think that access control would be better controlled in the apache configuration as well.