Services which contain libwrap module can use hosts.deny to control Access
ldd  /usr/sbin/vsftpd    |grep libwrap
ldd  /usr/sbin/sendmail  |grep libwrap
ldd  /usr/sbin/sshd      |grep libwrap

To Restrict a host/network  to control access to a Service.

1.  Using Hostname/Domainname
vim /etc/hosts.deny
vsftpd                     ->All hosts in domain denied to access ftp
vsftpd                ->Host server in denied to access

2.  Using  Ipaddress/Network
vim /etc/hosts.deny
vsftpd         ->All hosts in 1.0 N/W denied.
vsftpd                       ->Host 1.4 denied.

3.  To  Deny all Except few
vim /etc/hosts.deny
sshd: ALL  EXCEPT            ->Any domain other than are denied the Access to ssh.

4. To  Allow all Except few
vim /etc/hosts.allow
ALL:  EXCEPT  ->All hosts are allowed to connect to all services except

Both entries allow/deny can be given in either hosts.allow or hosts.deny file


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s