On 9.7.2012 16:52, Camaleón wrote:
On Sun, 08 Jul 2012 22:26:11 +0200, Zdenek Herman wrote:
(...)
When I set hosts.deny to ALL: ALL and hosts.allow is empty, I can
connect to MySQL from anywhere - the settings in hosts.allow and
hosts.deny are ignored.
(...)
I wonder if you aren't just missing the daemon to filter (mysqld) :-?
cat /etc/hosts.deny
My hosts.deny
(...)
ALL: ALL : spawn ( echo $(date '+%%d.%%m.%%y %%T') access DENIED from %u@%h [%a] >> /var/log/tcp_wrapper/%d.log ) &
(...)
My hosts.allow
(...)
sshd: 192.168.1.1 \
: spawn ( echo $(date '+%%d.%%m.%%y %%T') access ALLOWED from %u@%h [%a] >> /var/log/tcp_wrapper/%d.log ) &
And you said this was working for the sshd service, right?
I tested with mysqld: ALL in hosts.deny too.
Well, that should prevent connections coming from the same host (localhost)
unless you explicitly allow it from hosts.allow, which has preference.
I don't know why it does not work for you. Take a look at this article that
shows a few samples for using mysql with tcp wrappers:
http://www.unixmen.com/securing-services-with-tcp-wrappers/
And also read the manual ("man hosts_options"), maybe we are omitting
something obvious...
Greetings,