Re: hosts.deny doesn't work for web services
On Mon, 17 Oct 2005 16:32:34 +0200
Nikolai Hlubek <nikolai.hlubek@mailbox.tu-dresden.de> wrote:
> Hi everyone :-)
>
> On one of my machines I'm running a zope server. This server should
> only be accessible from my LAN so I set:
>
> hosts.deny
> ALL: ALL
>
> The hosts.deny manual states:
> This denies all service to all hosts, unless they are permitted
> access by entries in the allow file.
>
>
> Ping and ssh connects are refused but the web services provided by
> zope are still accessible from the outside. Is this a bug or am I
> missing something here?
>
> Cheers,
> Nikolai
>
I'm pretty sure hosts.allow only works for a small set of services
wrapped by the tcpd deamon. I think your gonna need iptables to block
your web server.
You might try shorewall if you dislike writing iptables scripts
as much as I do.
BTW: I don't think tcpd has anything do to with ping being blocked.
Hopefully someone else on the list will correct me if I'm wrong.
//andy
Reply to: