
Re: hosts.deny doesn't work for web services



On Mon, 17 Oct 2005 16:32:34 +0200
Nikolai Hlubek <nikolai.hlubek@mailbox.tu-dresden.de> wrote:

> Hi everyone :-)
> 
> On one of my machines I'm running a zope server. This server should
> only be accessible from my LAN so I set:
> 
> hosts.deny
> ALL: ALL
> 
> The hosts.deny manual states:
> This  denies all service to all hosts, unless they are permitted
> access by entries in the allow file.
> 
> 
> Ping and ssh connects are refused but the web services provided by
> zope are still accessible from the outside. Is this a bug or am I
> missing something here?
> 
> Cheers,
> Nikolai
> 

I'm pretty sure hosts.allow only works for a small set of services
wrapped by the tcpd daemon.  I think you're gonna need iptables to block
your web server.

You might try shorewall if you dislike writing iptables scripts
as much as I do.

BTW:  I don't think tcpd has anything to do with ping being blocked.
Hopefully someone else on the list will correct me if I'm wrong.

//andy
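
The point made in the reply above, as an added example that is not part of the original message: a check for whether a daemon consults hosts.allow/hosts.deny at all (linked against libwrap, or started by inetd through tcpd), plus the iptables rules that would restrict a port to the LAN. The function names, the sample `ldd` output, port 8080 and the subnet 192.168.1.0/24 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread). hosts.allow/hosts.deny are
# read only by programs linked against libwrap or launched through tcpd,
# so the first question is whether the listening daemon is one of those.

# classify_ldd LDD_OUTPUT: "wrapped" if libwrap is among the linked libraries.
classify_ldd() {
    if printf '%s\n' "$1" | grep -q 'libwrap\.so'; then
        echo wrapped
    else
        echo not-wrapped
    fi
}

# classify_inetd INETD_LINE: "wrapped" if inetd starts the service via tcpd.
classify_inetd() {
    case "$1" in
        \#*)    echo not-wrapped ;;   # commented-out entry, service is off
        *tcpd*) echo wrapped ;;
        *)      echo not-wrapped ;;
    esac
}

# lan_only_rules PORT CIDR: print (not apply) iptables rules that accept the
# port from the LAN and drop it for everyone else. The ACCEPT must come first.
lan_only_rules() {
    echo "iptables -A INPUT -p tcp --dport $1 -s $2 -j ACCEPT"
    echo "iptables -A INPUT -p tcp --dport $1 -j DROP"
}

# Constructed sample data: trimmed ldd output for an sshd built with libwrap
# and for the python interpreter that runs Zope (no libwrap).
SSHD_LDD='	libwrap.so.0 => /lib/libwrap.so.0 (0x00002b0000000000)
	libc.so.6 => /lib/libc.so.6 (0x00002b0000200000)'
PYTHON_LDD='	libpthread.so.0 => /lib/libpthread.so.0 (0x00002b0000000000)
	libc.so.6 => /lib/libc.so.6 (0x00002b0000200000)'

echo "sshd:   $(classify_ldd "$SSHD_LDD")"
echo "python: $(classify_ldd "$PYTHON_LDD")"
# Assumed values: Zope listening on port 8080, LAN is 192.168.1.0/24.
lan_only_rules 8080 192.168.1.0/24
```

On a live host, pass the real output, for example `classify_ldd "$(ldd /usr/sbin/sshd)"`, and review the printed rules before applying them as root.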


