Re: hosts.deny doesn't work for web services
On Mon, 17 Oct 2005 16:32:34 +0200
Nikolai Hlubek <firstname.lastname@example.org> wrote:
> Hi everyone :-)
> On one of my machines I'm running a zope server. This server should
> only be accessible from my LAN so I set:
> ALL: ALL
> The hosts.deny manual states:
> This denies all service to all hosts, unless they are permitted
> access by entries in the allow file.
> Ping and ssh connects are refused but the web services provided by
> zope are still accessible from the outside. Is this a bug or am I
> missing something here?
I'm pretty sure hosts.allow only works for a small set of services
wrapped by the tcpd deamon. I think your gonna need iptables to block
your web server.
You might try shorewall if you dislike writing iptables scripts
as much as I do.
BTW: I don't think tcpd has anything do to with ping being blocked.
Hopefully someone else on the list will correct me if I'm wrong.