xinetd and hosts.allow

Thomas Amwoza amwoza at comcast.net
Sun Apr 18 07:14:21 UTC 2004 

If you want to allow your local network (and local system) to use all the
services on your server, but also prevent all untrusted systems, then you
could use this syntax in your /etc/hosts.allow file:

ALL: EXCEPT 127.0.0.1,192.168.2. :DENY

This assumes that all the systems in your network are in the 192.168.2
network.

You will also need to delete the /etc/hosts.deny file so that it does not
conflict with what you are specifying in the /etc/hosts.allow file.

Tom

-----Original Message-----
From: fedora-list-bounces at redhat.com
[mailto:fedora-list-bounces at redhat.com] On Behalf Of Jay Daniels
Sent: Sunday, April 18, 2004 12:56 AM
To: For users of Fedora Core releases
Subject: Re: xinetd and hosts.allow


On Sat, Apr 17, 2004 at 07:45:58PM -0500, Thomas Amwoza wrote:
> It makes it easier, to me anyhow, to specify everything in one file 
> using that syntax.  You can say ALLOW, or DENY in the third column and 
> eliminate the need for a separate hosts.deny file.  You can read more 
> about it by typing "man hosts_options" at a terminal prompt.
>
> Tom
>


So I should put DENY at the end instead of ALLOW?


jay


> -----Original Message-----
> From: fedora-list-bounces at redhat.com 
> [mailto:fedora-list-bounces at redhat.com] On Behalf Of Aaron Konstam
> Sent: Saturday, April 17, 2004 6:38 PM
> To: For users of Fedora Core releases
> Subject: Re: xinetd and hosts.allow
>
>
> On Sat, Apr 17, 2004 at 11:10:46AM -0500, Thomas Amwoza wrote:
> > Delete the /etc/hosts.deny file (or rename it hosts.deny.bak) and 
> > use this syntax in the /etc/hosts.allow file:
> >
> > ALL: LOCAL, 192.168.2.0/255.255.255.0, darkforce.darktech.org, 
> > my_static_ip_here : ALLOW
> >
> >
> > Tom
> I have never sen that syntax with :ALLOW That seems wrong.
> --
> -------------------------------------------
> Aaron Konstam
> Computer Science
> Trinity University
> One Trinity Place.
> San Antonio, TX 78212-7200
>
> telephone: (210)-999-7484
> email:akonstam at trinity.edu
>
>
> --
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
>
> ---





--
fedora-list mailing list
fedora-list at redhat.com
To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3026 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20040418/f286c2f4/attachment-0001.bin>

More information about the fedora-list mailing list