[lug] hosts.deny syntax

Chip Atkinson catkinson at circadence.com
Tue Jun 19 15:45:19 MDT 2001


If I understand what you wrote, you have to use ipchains. 
hosts.deny/allow only control what xinetd launches.  It doesn't control 
outbound traffic at all.  Some applications such as sshd look at hosts.* 
too, but again, it's only for inbound traffic.

Chip

D. Stimits wrote:

> I'm trying to clean up some /etc/hosts.deny items for a relatively new
> RH 7.1 install. There are a few trouble domains I want completely
> blocked (ipchains already does this, but I want xinetd to also ignore
> them through its tcpwrappers mechanism). Basically, I want something
> like this for a /16 domain:
> ALL: 123.456.
> 
> Or this for a /24:
> ALL: 123.456.789.
> 
> But this is not doing what I want, and for example, web browsers can
> still get out and receive a reply from those domains. So is it mandatory
> to add a service or daemon name as well? E.G., must I do something like:
> in.httpd: ALL: 123.456.
> 
> ?
> 
> D. Stimits, stimits at idcomm.com
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
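
The point made in the reply above, as an added example that is not part of the original thread: a simplified Python model of the hosts_access(5) lookup, which is keyed on the local daemon accepting a connection and the remote client address, so a browser's outbound connection never reaches it. The function names and the sample rules (documentation address ranges) are constructed for illustration, and only the ALL wildcard, exact addresses and trailing-dot address prefixes are modelled.

```python
# Simplified model of the tcp wrappers (hosts_access(5)) check for an
# INBOUND connection. Not libwrap itself; rules and addresses are constructed.

def parse(text):
    """Return [(daemon_list, client_list)] from hosts.allow/hosts.deny text."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Format: daemon_list : client_list [ : shell_command ]
        # Anything after the second field is NOT a client pattern.
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue
        rules.append((fields[0].replace(",", " ").split(),
                      fields[1].replace(",", " ").split()))
    return rules

def client_matches(pattern, ip):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):      # "198.51." is a textual address prefix
        return ip.startswith(pattern)
    return pattern == ip

def rule_hits(rules, daemon, ip):
    return any(
        (daemon in daemons or "ALL" in daemons)
        and any(client_matches(p, ip) for p in clients)
        for daemons, clients in rules)

def inbound_allowed(allow_text, deny_text, daemon, ip):
    """hosts.allow is consulted first, then hosts.deny; no match means allow."""
    if rule_hits(parse(allow_text), daemon, ip):
        return True
    return not rule_hits(parse(deny_text), daemon, ip)

# Constructed sample hosts.deny: one /16-style prefix for every wrapped
# service, one /24-style prefix for a single daemon.
DENY = "ALL: 198.51.\nin.ftpd: 192.0.2.\n"

if __name__ == "__main__":
    for daemon, ip in [("sshd", "198.51.100.7"), ("sshd", "192.0.2.9"),
                       ("in.ftpd", "192.0.2.9"), ("sshd", "203.0.113.5")]:
        print(daemon, ip, "allowed" if inbound_allowed("", DENY, daemon, ip)
              else "denied")
```

Note that a three-field line such as "in.httpd: ALL: 198.51." parses with ALL as its whole client list; the model drops the trailing field, which hosts_access(5) reads as a shell command or option rather than as an address pattern.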



