[GRLUG] hosts.allow/deny

Benjamin Flanders flanderb at gmail.com
Fri Apr 14 07:49:09 EDT 2006


Is there a reason to put the rule in the deny file?  It seems more
natural to put allows in the allow file, instead of "not deny" in the
deny file.

On 4/14/06, Matthew Whitaker <Matthew.Whitaker at haworth.com> wrote:
> I agree with Raymond, although I would suggest this approach instead.
> Leave the hosts.allow file empty and put a statement like this in
> hosts.deny:
>
> Vsftpd: ALL EXCEPT www.xxx.yyy.zzz
>
> That will allow ONLY the one host that you want to have access.
>
> -----Original Message-----
> From: grlug-bounces at grlug.org [mailto:grlug-bounces at grlug.org] On Behalf Of Raymond McLaughlin
> Sent: Thursday, April 13, 2006 5:50 PM
> To: grlug at grlug.org
> Subject: Re: [GRLUG] hosts.allow/deny
>
> Topher wrote:
> > I hate ftp, so I never run any daemons on my box.  I have one app that
> > can only export to the web via ftp however, so I'm thinking of putting an
> > ftpd on one of my boxes.  I only want to allow connections from that one
> > box however.
> >
> > A friend mentioned that I should look into just setting up hosts.allow
> > and .deny properly, so I'm going to head down that path.
> >
> > I thought I'd ask here to see if anyone has these kind of rules already
> > set up though, or if there are better suggestions.
>
> At the risk of coming too close to answering the question you actually
> asked...
> Yes, I have used them; it's not complicated. The syntax you may want in
> /etc/hosts.allow might be something like:
>
>      FTP : www.xxx.yyy.zzz : ALLOW
>
> Beyond that,
>      man 5 host_access
> is your friend. The most significant part might be:
>      ACCESS CONTROL FILES
>             The access control software consults two files. The search
>             stops at the first match:
>      o      Access will be granted when a (daemon,client) pair matches
>             an entry in the /etc/hosts.allow file.
>      o      Otherwise, access will be denied when a (daemon,client) pair
>             matches an entry in the /etc/hosts.deny file.
>      o      Otherwise, access will be granted.
>
>      A non-existing access control file is treated as if it were an
>      empty file. Thus, access control can be turned off by providing no
>      access control files.
>
> I hope this helps
> Raymond McLaughlin
> _______________________________________________
> grlug mailing list
> grlug at grlug.org
> http://shinobu.grlug.org/cgi-bin/mailman/listinfo/grlug


--
Share and Enjoy
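
Added example, not part of the original thread: a small Python model of the three-step decision order quoted from the man page above, run against the deny-only rule, an allow-only rule, and an allow rule paired with a deny-all. The addresses, the CONFIGS names and the simplified matcher (ALL, exact match, one EXCEPT, case-insensitive) are assumptions made for illustration.

```python
# Added example: simplified model of the hosts_access(5) decision order.
# Handles only the ALL wildcard, exact names/addresses and one EXCEPT clause.
# Addresses are constructed documentation values, not taken from the thread.
TRUSTED, OTHER = "192.0.2.10", "198.51.100.7"

def _in_list(tokens, value):
    return any(t.upper() == "ALL" or t.lower() == value.lower() for t in tokens)

def _matches(pattern, value):
    """Match value against 'list' or 'list EXCEPT list'."""
    tokens = pattern.replace(",", " ").split()
    upper = [t.upper() for t in tokens]
    if "EXCEPT" in upper:
        i = upper.index("EXCEPT")
        return _in_list(tokens[:i], value) and not _in_list(tokens[i + 1:], value)
    return _in_list(tokens, value)

def _file_matches(text, daemon, client):
    """True if any 'daemon_list : client_list' line matches the pair."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) >= 2 and _matches(fields[0], daemon) and _matches(fields[1], client):
            return True
    return False

def access(allow, deny, daemon, client):
    if _file_matches(allow, daemon, client):   # 1. hosts.allow match: grant
        return "granted"
    if _file_matches(deny, daemon, client):    # 2. hosts.deny match: deny
        return "denied"
    return "granted"                           # 3. no match in either: grant

# name -> (hosts.allow contents, hosts.deny contents)
CONFIGS = {
    "deny only, ALL EXCEPT": ("", "vsftpd: ALL EXCEPT " + TRUSTED),
    "allow only":            ("vsftpd: " + TRUSTED, ""),
    "allow plus deny ALL":   ("vsftpd: " + TRUSTED, "vsftpd: ALL"),
}

def compare(daemon="vsftpd"):
    """Return {config name: (result for TRUSTED, result for OTHER)}."""
    return {name: (access(a, d, daemon, TRUSTED), access(a, d, daemon, OTHER))
            for name, (a, d) in CONFIGS.items()}

if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name:24} trusted={result[0]:8} other={result[1]}")
```

In this model the allow-only configuration grants every client, because a client that matches neither file falls through to the final "access will be granted" step; the restriction comes from the hosts.deny entry in the other two.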

