[lug] hosts.deny syntax
Chip Atkinson
catkinson at circadence.com
Tue Jun 19 15:45:19 MDT 2001

If I understand what you wrote, you have to use ipchains.
hosts.deny/allow only control what xinetd launches. They don't control
outbound traffic at all. Some applications such as sshd look at hosts.*
too, but again, it's only for inbound traffic.
Chip

D. Stimits wrote:
> I'm trying to clean up some /etc/hosts.deny items for a relatively new
> RH 7.1 install. There are a few trouble domains I want completely
> blocked (ipchains already does this, but I want xinetd to also ignore
> them through its tcpwrappers mechanism). Basically, I want something
> like this for a /16 domain:
> ALL: 123.456.
>
> Or this for a /24:
> ALL: 123.456.789.
>
> But this is not doing what I want, and for example, web browsers can
> still get out and receive a reply from those domains. So is it mandatory
> to add a service or daemon name as well? E.g., must I do something like:
> in.httpd: ALL: 123.456.
>
> ?
>
> D. Stimits, stimits at idcomm.com
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
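Added example, not part of the original post: a simplified Python model of hosts_access(5) rule matching, showing that a rule like the `ALL:` prefix form is only a check made when a wrapped daemon receives an inbound connection, and how a three-field line is split. The addresses are constructed documentation-range samples, and only `ALL` and trailing-dot prefixes are modelled (no hostnames, netmasks, EXCEPT or IPv6).

```python
# Simplified model of tcp_wrappers rule evaluation (added illustration).
# Nothing here is consulted for outbound connections: the check runs only
# when a wrapped daemon (e.g. one started by xinetd) accepts a client.

def parse_rule(line):
    """Split 'daemon_list : client_list [: shell_command]' into fields."""
    fields = [f.strip() for f in line.split(":", 2)]
    daemons = fields[0].replace(",", " ").split()
    clients = fields[1].replace(",", " ").split()
    extra = fields[2] if len(fields) > 2 else None  # not a client pattern
    return daemons, clients, extra

def client_matches(pattern, addr):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):      # trailing dot: match leading octets
        return addr.startswith(pattern)
    return addr == pattern

def rule_matches(line, daemon, addr):
    daemons, clients, _ = parse_rule(line)
    daemon_ok = "ALL" in daemons or daemon in daemons
    return daemon_ok and any(client_matches(p, addr) for p in clients)

def inbound_allowed(allow_rules, deny_rules, daemon, addr):
    """hosts.allow match grants, then hosts.deny match denies, else grant."""
    if any(rule_matches(r, daemon, addr) for r in allow_rules):
        return True
    return not any(rule_matches(r, daemon, addr) for r in deny_rules)

if __name__ == "__main__":
    deny = ["ALL: 198.51."]        # constructed /16-style prefix rule
    print(inbound_allowed([], deny, "in.telnetd", "198.51.100.7"))
    print(inbound_allowed([], deny, "in.telnetd", "203.0.113.9"))
    # Three fields: the client list is just "ALL"; the prefix lands in field 3.
    print(parse_rule("in.httpd: ALL: 198.51."))
```

In the three-field form the client list is `ALL`, so the rule matches every client of that daemon and the address prefix is never used as a pattern.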