On Thu, Nov 03, 2005 at 12:42:14PM +0200, Meni Shapiro wrote:
> I got a problem with /etc/hosts.allow & /etc/host.deny
> I got some rules there BUT I notice whatever I put it is ignored!!!
> the files are not effective ????
>
> Why is that??
>
> eg:
> /etc/hosts.allow:
> SENDMAIL: ALL
> #HTTPD: ALL
>
> and still I can connect via web (port 80)

The lines in /etc/hosts.{allow,deny} only apply to applications which
have been compiled to support tcpwrappers. It also makes a difference
what name you use, as some applications are picky about that. Also,
tcpwrappers incur a rather large penalty for applications that need to
be able to handle many rapid connects/disconnects, like mail and web
servers. If your machine handled high amounts of traffic, then forcing
Apache through tcpwrappers would bring the machine to a crawl.

That said, you want to use a firewall for the greatest level of
certainty. Personally, I prefer shorewall for its immense flexibility,
but there are plenty of other options out there.
-Roberto
--
Roberto C. Sanchez
http://familiasanchez.net/~roberto
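
A way to check the first point of the reply above, added here as an example that is not part of the original message: for each daemon named in a hosts.allow-style file, report whether its binary has a libwrap dependency. The function names are made up for this example, and it assumes the daemon name resolves to an executable on PATH.

```shell
#!/bin/sh
# Added example, not from the original message.

# links_libwrap: read `ldd` output on stdin; succeed if libwrap is listed.
links_libwrap() {
    grep -Eq '(^|[[:space:]/])libwrap\.so(\.[0-9]+)*([[:space:]]|$)'
}

# daemon_names FILE: daemon names (text left of the first colon) from the
# active, uncommented rules of a hosts.allow/hosts.deny style file.
daemon_names() {
    sed -e 's/#.*//' "$1" | awk -F: 'NF > 1 {
        n = split($1, d, "[ \t,]+")
        for (i = 1; i <= n; i++) if (d[i] != "") print d[i]
    }'
}

# wrapper_status BINARY: "wrapped" if ldd reports a libwrap dependency.
wrapper_status() {
    if ldd "$1" 2>/dev/null | links_libwrap; then
        echo wrapped
    else
        echo not-wrapped
    fi
}

# audit_rules FILE: one "name status" line per daemon named in FILE.
# Assumption: the daemon name is an executable found on PATH.
audit_rules() {
    daemon_names "$1" | sort -u | while read -r name; do
        [ "$name" = ALL ] && continue
        path=$(command -v "$name" 2>/dev/null) || path=
        if [ -n "$path" ]; then
            echo "$name $(wrapper_status "$path")"
        else
            echo "$name unresolved"
        fi
    done
}

# Constructed rules file mirroring the one quoted above.
rules=$(mktemp)
printf 'SENDMAIL: ALL\n#HTTPD: ALL\n' > "$rules"
audit_rules "$rules"
rm -f "$rules"
```

A service started from inetd through tcpd is covered without linking libwrap itself, so treat "not-wrapped" as a prompt to check how the service is launched.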