
Re: /etc/host.deny and co



Linh Dang <Linh.Dang.linhd@nt.com> writes:

> Hi
> 
> I want to deny telnet, ftp and smtp connections from ANY other sites.
> But I want to accept http connections, pull down pop3, imap and
> send out mail (smtp).
> 
> How do I set up /etc/host.deny, /etc/host.allow and CO. I will RTFM
> but since security is so important (that's why I choose Debian) I'd like
> to hear all the tips, tricks and know all traps, pitfalls...

Well, /etc/hosts.allow and hosts.deny don't affect sending out mail,
or http connections (since apache isn't run with tcpwrappers).  Also,
pulling down pop3 and imap just means that your machine has to accept
mail coming from localhost.

Here's what I'd recommend for /etc/hosts.allow:
# Some comments
ALL: ALL@127.0.

And for /etc/hosts.deny:
# Some comments
ALL: ALL@ALL

This will allow connections from anyone with an IP address beginning
with "127.0." - this should be only localhost, and although people
outside your machine can fake individual inbound packets with this IP
address, they can't actually establish a connection this way, because
of the dialog that needs to happen to initiate a connection.  Any
other connections will be denied.

If you want to monitor who's trying to do what, you could do what I do 
in my hosts.deny:
ALL: ALL@ALL : rfc931 : spawn ((echo %c %a contacting %d; /bin/netstat --inet -n; echo traceroute -p 31434 %a) > /tmp/watch.$$ 2>&1)

Of course, then you have to periodically go and look at those files...

Hmmm - I see someone wanted to talk to nmbd on Sunday; I wish I'd
noticed at the time...
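
For the "periodically go and look at those files" step, here is an added example (not part of the original message) that tallies the files the spawn rule leaves behind by client address and daemon. The function names `summarize_watch` and `make_sample` and the sample records are constructed for illustration; the only assumption about the files is that each begins with the rule's `%c %a contacting %d` line.

```shell
#!/bin/sh
# Added example: summarise the watch.* files left by the spawn rule.
# Assumes each file starts with the rule's echo line:
#   "%c %a contacting %d"  (client info, client address, daemon name)

# summarize_watch DIR: print "COUNT ADDRESS DAEMON", busiest first.
summarize_watch() {
    for f in "$1"/watch.*; do
        # Skip an unmatched glob and anything that is not a plain file;
        # /tmp is world-writable, so do not follow symlinks found there.
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        head -n 1 "$f"
    done |
    awk 'NF == 4 && $3 == "contacting" { n[$2 " " $4]++ }
         END { for (k in n) print n[k], k }' |
    LC_ALL=C sort -k1,1nr -k2,2 -k3,3
}

# make_sample DIR: write constructed sample files (documentation
# addresses, not real traffic) in the shape the spawn rule produces.
make_sample() {
    printf '%s\n' '203.0.113.7 203.0.113.7 contacting in.telnetd' \
        'Active Internet connections (w/o servers)' > "$1/watch.101"
    printf '%s\n' '203.0.113.7 203.0.113.7 contacting in.telnetd' \
        'Active Internet connections (w/o servers)' > "$1/watch.102"
    printf '%s\n' 'alice@198.51.100.9 198.51.100.9 contacting in.ftpd' \
        'Active Internet connections (w/o servers)' > "$1/watch.103"
    printf '%s\n' '192.0.2.44 192.0.2.44 contacting nmbd' \
        'Active Internet connections (w/o servers)' > "$1/watch.104"
}

# With a directory argument (e.g. /tmp), print the summary for it.
if [ "$#" -gt 0 ]; then summarize_watch "$1"; fi
```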

