[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: hosts.allow no efective



On Thu, Nov 03, 2005 at 12:42:14PM +0200, Meni Shapiro wrote:
> i got a problem with /etc/hosts.allow & /etc/host.deny
> I got some rules there BUT i notice what ever i put it is ignored!!!
> the files are not effective ????
> 
> Why is that??
> 
> eg:
> /etc/hosts.allow:
> SENDMAIL: ALL
> #HTTPD: ALL
> 
> and still i can connect via web (port 80)

The lines in /etc/hosts.{allow,deny} only apply to applications which
have been compiled to support tcpwrappers.  It also makes a difference
what name you use, as some applications are picky about that.  Also,
tcpwrappers incure a rather large penalty for applications that need to
be able to handle many rapic connects/disconnects, like mail and web
servers.  If your machine handled high amounts of traffic, then forcing
Apache through tcpwrappers would bring the machine to a crawl.

That said, you want to use a firewall for the greatest level of
certainty.  Personally, I prefer shorewall for its immense flexibility,
but there are plenty of other options out there.

-Roberto
-- 
Roberto C. Sanchez
http://familiasanchez.net/~roberto

Attachment: pgpXP7C54knGG.pgp
Description: PGP signature


Reply to: