
Re: hosts deny, allow



On Mon, 11 Feb 2002 aku@ns1.cyberkodok.web.id wrote:

> 1. I try to configure in hosts.deny :
>
> ALL:ALL@ALL

Hi Aku,

To deny all incoming connections for tcpwrapped ports it is
sufficient to have this line in your /etc/hosts.deny file:

ALL: ALL

The endpoint construct isn't necessary for what you seem to want.

> and try in hosts.allow :
>
> ALL : 202.xxx.xxx.xx1, 202.xxx.xxx.xx2
>
> But when I try from 202.xxx.xxx.xx1 and 202.xxx.xxx.xx2 the message
> is Connection closed by remote host.
>
> how to configure in close all and allow from
> that ip?

Well, if you want to allow all types of connections from those two
IPs that should do it. You just have to state the IP numbers separated
by spaces and/or commas according to the manpage (see man hosts_access).
Which is what you seem to do (assuming those x's aren't really in
there... `;-)

However I strongly suggest you open only those ports that you need
instead of all of them, but you can do that after things are working
the way you want it.

Of course even if tcp_wrapper gives you access the daemon doesn't
have to do so too... So, maybe it's not the wrapper that's denying you
access. If you think your hosts.deny and hosts.allow files are fine,
then maybe it's good to make sure the daemon accepts your connections.

> 2. I try to close port 111 in services and give # on port sunrpc
>   111/tcp, and inetd but
> always be open.

You don't block access by commenting lines in the services file.
There are two locations you can do that: the file /etc/inetd.conf
and the files in the directory /etc/init.d. Those are the ones that
control your inetd processes and your daemons. To stop portmapper
you can add "exit 0" on its own line at the top of the file
/etc/init.d/portmap, immediately after the comment header. If you
want to disable portmapper only for a specific runlevel, then you can
also rename the appropriate symlink in /etc/rc[23].d/

HTH

-- 
J.A. de Vries aka HdV
Delft University of Technology
Computing Centre

Email: HdV@DTO.TUDelft.NL
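
The following is an added example, not part of the original message and not tcp_wrappers code: a simplified Python model of the lookup order described in man hosts_access (hosts.allow first, then hosts.deny, otherwise allow), run against constructed files that compare an "ALL" allow rule with one limited to a single daemon. It assumes IPv4 clients and handles only ALL, exact addresses, trailing-dot prefixes and net/mask patterns; the addresses, the daemon names and all function names are illustrative.

```python
import ipaddress
import re

def parse_rules(text):
    """Parse hosts.allow/hosts.deny text into (daemons, clients) pairs."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue  # not a "daemon_list : client_list" rule
        # List items are separated by blanks and/or commas (man hosts_access).
        daemons, clients = (
            [item for item in re.split(r"[\s,]+", f.strip()) if item]
            for f in fields[:2]
        )
        rules.append((daemons, clients))
    return rules

def client_matches(pattern, addr):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):  # "192.0.2." matches every address with that prefix
        return addr.startswith(pattern)
    if "/" in pattern:  # net/mask form, e.g. 192.0.2.0/255.255.255.0
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(addr) in net
    return pattern == addr

def rule_matches(rules, daemon, addr):
    return any(
        ("ALL" in daemons or daemon in daemons)
        and any(client_matches(p, addr) for p in clients)
        for daemons, clients in rules
    )

def is_allowed(daemon, addr, allow_text, deny_text):
    """hosts.allow is consulted first, then hosts.deny; no match means allow."""
    if rule_matches(parse_rules(allow_text), daemon, addr):
        return True
    return not rule_matches(parse_rules(deny_text), daemon, addr)

# Constructed sample files (documentation addresses, not the poster's).
HOSTS_DENY = "ALL: ALL\n"
ALLOW_EVERYTHING = "ALL : 192.0.2.1, 192.0.2.2\n"
ALLOW_SSH_ONLY = "sshd : 192.0.2.1 192.0.2.2\n"
```

With ALLOW_SSH_ONLY the two listed hosts reach sshd but every other wrapped service falls through to the "ALL: ALL" deny rule, which is the narrower setup suggested in the message.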


