[GRLUG] hosts.allow/deny
Raymond McLaughlin
driveray at ameritech.net
Thu Apr 13 17:49:43 EDT 2006
Topher wrote:
> I hate ftp, so I never run any daemons on my box. I have one app that can
> only export to the web via ftp however, so I'm thinking of putting an ftpd
> on one of my boxes. I only want to allow connections from that one box
> however.
>
> A friend mentioned that I should look into just setting up hosts.allow and
> .deny properly, so I'm going to head down that path.
>
> I thought I'd ask here to see if anyone has these kind of rules already
> set up though, or if there are better suggestions.
At the risk of coming too close to answering the question you actually asked...
Yes, I have used them; it's not complicated. The syntax you may want in
/etc/hosts.allow might be something like:

    FTP : www.xxx.yyy.zzz : ALLOW

Beyond that,

    man 5 hosts_access

is your friend. The most significant part might be:

    ACCESS CONTROL FILES
        The access control software consults two files. The search stops
        at the first match:

        o  Access will be granted when a (daemon,client) pair matches an
           entry in the /etc/hosts.allow file.

        o  Otherwise, access will be denied when a (daemon,client) pair
           matches an entry in the /etc/hosts.deny file.

        o  Otherwise, access will be granted.

        A non-existing access control file is treated as if it were an empty
        file. Thus, access control can be turned off by providing no access
        control files.

I hope this helps
Raymond McLaughlin
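
Added example, not part of the original message or of the tcp_wrappers code: a simplified Python model of the three-step decision order quoted above. It shows that a hosts.allow entry on its own still leaves every other client granted by the third step, until hosts.deny carries a catch-all such as `ALL : ALL`. The daemon name `vsftpd`, the addresses and all function names are assumptions made for the illustration.

```python
# Added illustration: a simplified model of the hosts_access(5) decision order.
# Handles only "daemon_list : client_list" rules with exact names, the ALL
# wildcard and trailing-dot address prefixes; option fields are ignored.

def parse(text):
    """Return [(daemons, clients), ...] from hosts.allow/hosts.deny style text."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        fields = [f.strip() for f in line.split(":")]
        if len(fields) >= 2:
            rules.append((fields[0].replace(",", " ").split(),
                          fields[1].replace(",", " ").split()))
    return rules

def matches(patterns, value):
    """True if value matches any pattern in the list."""
    for p in patterns:
        if p.upper() == "ALL" or p.lower() == value.lower():
            return True
        if p.endswith(".") and value.startswith(p):
            return True
    return False

def any_match(rules, daemon, client):
    return any(matches(d, daemon) and matches(c, client) for d, c in rules)

def decide(allow_text, deny_text, daemon, client):
    """Apply the three steps quoted from the man page, in order."""
    if any_match(parse(allow_text), daemon, client):
        return "granted (hosts.allow)"
    if any_match(parse(deny_text), daemon, client):
        return "denied (hosts.deny)"
    return "granted (no match)"

# Constructed sample files. "vsftpd" and the addresses are assumptions.
HOSTS_ALLOW = "vsftpd : 192.0.2.10   # the one box that may upload\n"
DENY_EMPTY = ""                      # hosts.deny missing or empty
DENY_ALL = "ALL : ALL\n"             # default deny

if __name__ == "__main__":
    for deny in (DENY_EMPTY, DENY_ALL):
        for client in ("192.0.2.10", "198.51.100.7"):
            print(repr(deny), client, decide(HOSTS_ALLOW, deny, "vsftpd", client))
```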