TCP WRAPPER Services


Services that are linked against the libwrap library can use hosts.deny to control access. To check whether a service is linked against libwrap:
ldd /usr/sbin/vsftpd   | grep libwrap
ldd /usr/sbin/sendmail | grep libwrap
ldd /usr/sbin/sshd     | grep libwrap

To restrict a host or network from accessing a service:

1. Using hostname/domain name
vim /etc/hosts.deny
vsftpd: .example.com                     -> All hosts in the example.com domain are denied access to ftp.
vsftpd: server.example.com               -> The host server in example.com is denied access.

2. Using IP address/network
vim /etc/hosts.deny
vsftpd         -> All hosts in the 1.0 network are denied.
vsftpd                       -> Host 1.4 is denied.

3. To deny all except a few
vim /etc/hosts.deny
sshd: ALL EXCEPT matrix.com              -> Every client other than the host matrix.com is denied access to ssh (write .matrix.com to exempt the whole domain).

4. To allow all except a few
vim /etc/hosts.allow
ALL: .example.com EXCEPT cracker.example.com  -> All example.com hosts are allowed to connect to all services, except cracker.example.com.

Both kinds of entry, allow and deny, can be given in either the hosts.allow or the hosts.deny file.
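
How these entries are evaluated, as an added example that is not part of the original post: a simplified Python model of the lookup order documented in hosts_access(5), where hosts.allow is searched first, then hosts.deny, and a client that matches neither file is granted access. It covers only ALL, leading-dot domains, trailing-dot address prefixes, exact names and EXCEPT; the function names and the ALLOW/DENY sample contents are constructed for illustration.

```python
# Added example: simplified model of how libwrap evaluates the two files.
# Subset only: ALL, ".domain" suffix, "n.n.n." prefix, exact name, EXCEPT.
import re

def _match_one(pat, value):
    pat, value = pat.lower(), value.lower()
    if pat == "all":
        return True
    if pat.startswith("."):      # .example.com: any host inside that domain
        return value.endswith(pat)
    if pat.endswith("."):        # leading address fields: any host in that network
        return value.startswith(pat)
    return pat == value          # exact host name or address

def _match_list(tokens, values):
    # "a EXCEPT b EXCEPT c" groups as a EXCEPT (b EXCEPT c)
    upper = [t.upper() for t in tokens]
    if "EXCEPT" in upper:
        i = upper.index("EXCEPT")
        return (_match_list(tokens[:i], values)
                and not _match_list(tokens[i + 1:], values))
    return any(_match_one(p, v) for p in tokens for v in values)

def _tokens(field):
    return [t for t in re.split(r"[\s,]+", field.strip()) if t]

def _file_matches(text, daemon, client):
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        if (_match_list(_tokens(daemons), [daemon])
                and _match_list(_tokens(clients), client)):
            return True
    return False

def decide(allow, deny, daemon, *client):
    """client: host name and/or address of the connecting system."""
    if _file_matches(allow, daemon, client):   # hosts.allow is checked first
        return "granted (hosts.allow)"
    if _file_matches(deny, daemon, client):    # then hosts.deny
        return "denied (hosts.deny)"
    return "granted (no match)"                # no match in either file

# Constructed sample files reusing the rules from items 3 and 4 above.
ALLOW = "ALL: .example.com EXCEPT cracker.example.com\n"
DENY = "sshd: ALL EXCEPT matrix.com\n"
```

With these sample files, decide(ALLOW, DENY, "vsftpd", "cracker.example.com") returns "granted (no match)": the EXCEPT in hosts.allow only withholds the allow, so the excepted host is blocked only where a hosts.deny entry also matches it.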
