How /etc/hosts.allow /etc/hosts.deny and smb.conf play along
hi list
Can somebody explain why smbd and nmbd are not affected by the following
strict ruleset in /etc/hosts* ?
/etc/hosts
127.0.0.1 MYHOSTNAME localhost.localdomain localhost
127.0.1.1 MYHOSTNAME
192.168.2.10 MYSERVER
cat /etc/hosts.allow
#ALL: localhost 127.0.1.1 192.168.2.0/24
ALL: localhost 127.0.1.1 192.168.2.0/32
/etc/hosts.deny
ALL: ALL
With this ruleset in place nmbd broadcasts still pull through and cifs mounts
are still possible, whereas ssh/rsh access is no longer possible.
To get rid of nmbd/smbd access I have to tweak smb.conf additionally:
/etc/samba/smb.conf
[global]
bind interfaces only = Yes
interfaces = 127.0.0.0/8, eth0
;; hosts allow = 192.168.2.0/24, 127.
hosts allow = 192.168.2.0/32, 127.
hosts deny = ALL
With this smb.conf tweaking it works fine, but why could smbd/nmbd run past
/etc/hosts.allow and /etc/hosts.deny without those lines in smb.conf?
To my limited CIDR understandig a /32 mask should restrict access to
192.168.2.0.0 and 192.168.2.1 - this should be fine for testing purposes.
Once this denies all services I'd set it to /24 to have access to the whole
"subnet" from 192.168.2.0-192.168.2.255 and 127.0.0.1 127.0.1.1
Reply to: