
Re: hosts.allow not effective

On Thu, Nov 03, 2005 at 12:42:14PM +0200, Meni Shapiro wrote:
> I got a problem with /etc/hosts.allow & /etc/host.deny
> I got some rules there BUT I notice whatever I put, it is ignored!!!
> the files are not effective ????
> Why is that??
> eg:
> /etc/hosts.allow:
> and still I can connect via web (port 80)

The lines in /etc/hosts.{allow,deny} only apply to applications which
have been compiled to support tcpwrappers.  It also makes a difference
what name you use, as some applications are picky about that.  Also,
tcpwrappers incur a rather large penalty for applications that need to
be able to handle many rapid connects/disconnects, like mail and web
servers.  If your machine handled high amounts of traffic, then forcing
Apache through tcpwrappers would bring the machine to a crawl.

That said, you want to use a firewall for the greatest level of
certainty.  Personally, I prefer shorewall for its immense flexibility,
but there are plenty of other options out there.

Roberto C. Sanchez
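
The check implied by the reply above, as an added example that is not part of the original message: it reports whether a daemon binary is dynamically linked against libwrap, the tcpwrappers library, which is the usual sign that it consults /etc/hosts.allow and /etc/hosts.deny. It assumes `ldd` is available; the function names and the sample `ldd` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: does a daemon binary link against libwrap (tcpwrappers)?
# Function names and sample data below are illustrative, not from the thread.

# Read `ldd` output on stdin; succeed if a libwrap shared object is listed.
links_libwrap() {
    grep -Eq '(^|[[:space:]/])libwrap\.so(\.[0-9]+)*([[:space:]]|$)'
}

# Classify one binary. Exit status: 0 linked, 1 not linked, 2 cannot tell.
# Run ldd only on binaries you trust; it may invoke the program's loader.
check_binary() {
    bin=$1
    if [ ! -x "$bin" ]; then
        echo "$bin: unknown (not an executable file)"
        return 2
    fi
    # ldd fails on static or non-ELF files: report "unknown", not "no".
    if ! out=$(ldd "$bin" 2>/dev/null); then
        echo "$bin: unknown (ldd could not inspect it)"
        return 2
    fi
    if printf '%s\n' "$out" | links_libwrap; then
        echo "$bin: links libwrap (hosts.allow/hosts.deny can apply)"
        return 0
    fi
    echo "$bin: no libwrap linkage found (use a firewall rule instead)"
    return 1
}

# Constructed sample ldd output for a wrapped and an unwrapped daemon.
SAMPLE_WRAPPED='    libwrap.so.0 => /lib/libwrap.so.0 (0x00007f0000001000)
    libc.so.6 => /lib/libc.so.6 (0x00007f0000002000)'
SAMPLE_PLAIN='    libwrapper.so.1 => /lib/libwrapper.so.1 (0x00007f0000003000)
    libc.so.6 => /lib/libc.so.6 (0x00007f0000002000)'

# Usage: sh check-libwrap.sh /path/to/daemon [...]
for b in "$@"; do
    check_binary "$b" || true
done
```

A "no libwrap linkage" result covers only dynamic linking; a service started from inetd through the `tcpd` wrapper is still subject to the same files even though its own binary shows no libwrap.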
