Re: hosts.allow & hosts.deny


Subject: Re: hosts.allow & hosts.deny
From: Bryn Hughes (linux@demian.shacknet.nu)
Date: Fri Jan 19 2001 - 10:53:34 MST


Ah yes... I just made that change, and everything seems to be happy now.

Thanks everyone!

Bryn
on 1/18/01 9:46 AM, Bo Brinkman at brinkman@cs.princeton.edu wrote:

> I didn't notice this earlier, but this format is exactly backward from
> what I am using on RedHat and YellowDog 1.2.1. I think the correct
> format is
>
> <service> : <ip>
>
> ...but maybe I don't know anything. :) For example, my hosts.allow looks
> like this
>
> ALL : 127.0.0.1,localhost,brinkman.student.princeton.edu
> ALL : brinkman2.student.princeton.edu
>
> and my hosts.deny is
>
> ALL : ALL
>
> I highly recommend making this work, and getting a very restrictive
> hosts.deny if you have a very predictable ip address and no firewall. My
> Linux box was hacked within two days of setup when I first got my edu
> connection.
>
> Bryn Hughes wrote:
>>
>> I set everything up like that, and ended up with NOBODY able to connect at
>> all; the server was refusing all connections.
>>
>> I also tried removing the trailing zero and just leaving the period; that
>> didn't work either.
>>
>> In the end, I just deleted my hosts.deny file, and that of course allowed
>> connections again. My messages log does show IP addresses being refused
>> that match up with the subnets in my hosts.allow file.
>>
>> My hosts.allow:
>>
>> 192.168.128.0 : ALL : ALLOW
>> 192.168.129.0 : ALL : ALLOW
>> 192.168.130.0 : ALL : ALLOW
>> 142.30.100.0 : ALL : ALLOW
>> 142.30.101.0 : ALL : ALLOW
>> 142.30.102.0 : ALL : ALLOW
>> 142.30.103.0 : ALL : ALLOW
>>
>> My hosts.deny:
>>
>> ALL:ALL:DENY
>>
>> on 1/16/01 6:29 AM, Philip Good at phil@redplanetx.com wrote:
>>
>>> in hosts.deny put
>>>
>>> ALL : ALL : DENY
>>>
>>> in hosts.allow put:
>>>
>>> aaa.aaa.aaa.aaa : ALL : ALLOW
>>> aaa.bbb.ccc.ddd : ALL : ALLOW
>>> xxx.xxx.xxx.0 : ALL : ALLOW
>>> .domain.com : ALL : ALLOW
>>>
>>> this will allow access by the first two IPs, all addresses that start with
>>> xxx.xxx.xxx and allow access from all hosts from the domain
>>> domain.com.
>>>
>>> Phil
>>>
>>>> I'm having some trouble setting up my hosts.allow and hosts.deny files. The
>>>> man entries explain everything more or less, except I don't know what the
>>>> wildcard entry is! For some reason my man pages are slightly messed up and
>>>> I get something like a control character instead of whatever the real
>>>> wildcard character is.
>>>>
>>>> What I want to do:
>>>>
>>>> DENY access to everyone, then
>>>> ALLOW access to just our internal IP addresses
>>>> ALLOW access to a few individual static addresses off site
>>>>
>>>> I don't need to do anything as far as limiting access to specific ports or
>>>> anything else exotic at this point as I'm not running mail/web/ftp services
>>>> on this machine for anyone other than the above mentioned addresses.
>>>>
>>>> I'm also hoping that ALLOW takes precedence over DENY? Some systems I've
>>>> worked with (notably Windows 2000) look at DENY and then ALLOW, which makes
>>>> it very difficult to create a "nobody EXCEPT XYZ" type of policy.
>>>>
>>>> Thanks,
>>>>
>>>> Bryn
>>>>
>>>>
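As an added example that is not part of the thread, the Python below models the tcpd evaluation order the replies describe (hosts.allow first, then hosts.deny, first match wins, unmatched clients granted) and shows why the client-first lines in the quoted hosts.allow denied everyone while the daemon-first form works. The pattern set and the sample configs are a constructed, simplified subset of what hosts_access(5) and hosts_options(5) accept.

```python
# Added example (not from the thread): a simplified model of how tcpd
# evaluates hosts.allow and hosts.deny, per hosts_access(5)/hosts_options(5).
# Rule format: daemon_list : client_list [: ALLOW|DENY]. hosts.allow is read
# first, then hosts.deny; the first matching rule wins and a client that
# matches nothing is granted. Client patterns modelled: ALL, an exact host
# name or address, a leading dot (".domain.com" = host-name suffix) and a
# trailing dot ("142.30.100." = numeric address prefix).

def client_matches(pattern, host, addr):
    """Return True if one hosts_access client pattern matches the client."""
    if pattern == "ALL":
        return True
    if pattern.startswith("."):          # domain suffix, e.g. ".domain.com"
        return host.endswith(pattern)
    if pattern.endswith("."):            # numeric prefix, e.g. "142.30.100."
        return addr.startswith(pattern)
    return pattern in (host, addr)       # exact host name or address


def parse_rules(text):
    """Parse 'daemon_list : client_list [: option]' lines into tuples."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        daemons = [d.strip() for d in fields[0].split(",")]
        clients = [c.strip() for c in fields[1].split(",")]
        option = fields[2].upper() if len(fields) > 2 else None
        rules.append((daemons, clients, option))
    return rules


def decide(hosts_allow, hosts_deny, daemon, host, addr):
    """Evaluate both files in tcpd order and return 'ALLOW' or 'DENY'."""
    for default, text in (("ALLOW", hosts_allow), ("DENY", hosts_deny)):
        for daemons, clients, option in parse_rules(text):
            daemon_ok = "ALL" in daemons or daemon in daemons
            client_ok = any(client_matches(c, host, addr) for c in clients)
            if daemon_ok and client_ok:
                return option or default   # ALLOW/DENY option overrides the file default
    return "ALLOW"                          # nothing matched: access is granted


# Constructed configs: the reversed field order from the thread, and a corrected one.
REVERSED_ALLOW = "192.168.128.0 : ALL : ALLOW\n142.30.100.0 : ALL : ALLOW\n"
CORRECT_ALLOW = "ALL : 192.168.128., 142.30.100., .student.princeton.edu\n"
DENY_ALL = "ALL : ALL : DENY\n"
```

With the reversed order the first field is read as a daemon name, so no rule in hosts.allow ever matches and every connection falls through to the ALL : ALL line in hosts.deny.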



This archive was generated by hypermail 2a24 : Fri Jan 19 2001 - 10:53:56 MST