Re: hosts.allow & hosts.deny


Subject: Re: hosts.allow & hosts.deny
From: Bryn Hughes (linux@demian.shacknet.nu)
Date: Thu Jan 18 2001 - 10:18:07 MST


I set everything up like that, and ended up with NOBODY able to connect at
all; the server was refusing all connections.

I also tried removing the trailing zero and just leaving the period; that
didn't work either.

In the end, I just deleted my hosts.deny file, and that of course allowed
connections again. My messages log does show IP addresses being refused
that match up with the subnets in my hosts.allow file.

My hosts.allow:

192.168.128.0 : ALL : ALLOW
192.168.129.0 : ALL : ALLOW
192.168.130.0 : ALL : ALLOW
142.30.100.0 : ALL : ALLOW
142.30.101.0 : ALL : ALLOW
142.30.102.0 : ALL : ALLOW
142.30.103.0 : ALL : ALLOW

My hosts.deny:

ALL:ALL:DENY

on 1/16/01 6:29 AM, Philip Good at phil@redplanetx.com wrote:

> In hosts.deny put
>
> ALL : ALL : DENY
>
> In hosts.allow put:
>
> aaa.aaa.aaa.aaa : ALL : ALLOW
> aaa.bbb.ccc.ddd : ALL : ALLOW
> xxx.xxx.xxx.0 : ALL : ALLOW
> .domain.com : ALL : ALLOW
>
> This will allow access by the first two IPs, all addresses that start with
> xxx.xxx.xxx and allow access from all hosts from the domain
> domain.com.
>
> Phil
>
>> I'm having some trouble setting up my hosts.allow and hosts.deny files. The
>> man entries explain everything more or less, except I don't know what the
>> wildcard entry is! For some reason my man pages are slightly messed up and
>> I get something like a control character instead of whatever the real
>> wildcard character is.
>>
>> What I want to do:
>>
>> DENY access to everyone, then
>> ALLOW access to just our internal IP addresses
>> ALLOW access to a few individual static addresses off site
>>
>> I don't need to do anything as far as limiting access to specific ports or
>> anything else exotic at this point as I'm not running mail/web/ftp services
>> on this machine for anyone other than the above mentioned addresses.
>>
>> I'm also hoping that ALLOW takes precedence over DENY? Some systems I've
>> worked with (notably Windows 2000) look at DENY and then ALLOW, which makes
>> it very difficult to create a "nobody EXCEPT XYZ" type of policy.
>>
>> Thanks,
>>
>> Bryn
>>
>>
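
Added example (not part of the original messages): hosts_access(5) gives the rule format as "daemon_list : client_list [: option]", so the first field names the service and the second the client; this sketch evaluates the files from the thread under that format, next to a constructed variant with the fields in that order. Assumptions: the daemon name sshd, the test addresses and FIXED_ALLOW are constructed; only ALL, full-address, trailing-dot prefix and net/mask client patterns are handled (no hostname patterns), and the third field is ignored.

```python
import ipaddress

def client_matches(pattern, ip):
    """Match one hosts_access(5) client pattern against an IPv4 address."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):            # "192.168.128." matches by address prefix
        return ip.startswith(pattern)
    if "/" in pattern:                   # "net/mask": net == (address AND mask)
        net, mask = (int(ipaddress.IPv4Address(p)) for p in pattern.split("/", 1))
        return (int(ipaddress.IPv4Address(ip)) & mask) == net
    return pattern == ip                 # a full address names exactly one host

def rule_matches(line, daemon, ip):
    """Evaluate one 'daemon_list : client_list [: option]' line."""
    fields = [f.strip() for f in line.split(":")]
    if len(fields) < 2:
        return False
    daemons = fields[0].replace(",", " ").split()
    clients = fields[1].replace(",", " ").split()
    # Simplification: any third field (option or shell command) is ignored here.
    return (any(d in ("ALL", daemon) for d in daemons)
            and any(client_matches(c, ip) for c in clients))

def access_granted(allow_lines, deny_lines, daemon, ip):
    """hosts.allow is searched first, then hosts.deny; no match at all grants access."""
    if any(rule_matches(l, daemon, ip) for l in allow_lines):
        return True
    return not any(rule_matches(l, daemon, ip) for l in deny_lines)

# Two of the hosts.allow lines and the hosts.deny line as posted in the thread.
POSTED_ALLOW = ["192.168.128.0 : ALL : ALLOW", "142.30.100.0 : ALL : ALLOW"]
DENY = ["ALL:ALL:DENY"]
# Constructed variant: service first, then client patterns (prefix and net/mask).
FIXED_ALLOW = ["ALL : 192.168.128. 142.30.100.0/255.255.252.0"]

if __name__ == "__main__":
    # "sshd" and the client addresses below are assumed values for illustration.
    for name, allow in (("posted", POSTED_ALLOW), ("reordered", FIXED_ALLOW)):
        for ip in ("192.168.128.5", "142.30.103.9", "203.0.113.7"):
            verdict = "allow" if access_granted(allow, DENY, "sshd", ip) else "deny"
            print(f"{name:9} sshd from {ip:14} -> {verdict}")
```
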



This archive was generated by hypermail 2a24 : Thu Jan 18 2001 - 10:18:57 MST