[svlug] /etc/hosts.deny tcpd problems

Bill Jonas bill at billjonas.com
Thu Jun 21 16:06:15 PDT 2001


On Thu, Jun 21, 2001 at 06:15:36PM -0400, Galen J. Wilkerson wrote:
> #/etc/hosts.deny
> proftpd: ALL EXCEPT .garble.gen.ak.us
> 
> thoughts?

In /etc/hosts.allow:
proftpd: .garble.gen.ak.us

In /etc/hosts.deny:
proftpd: ALL

I unsure if that's the exact syntax, but you get the idea.  It might be
"ftp" or "FTP" instead of "proftpd".

The way it works is that when an incoming connection is requested,
tcpwrappers looks in /etc/hosts.allow, and if it's there, the connection
is permitted.  If nothing matches in hosts.allow, the /etc/hosts.deny
file is consulted; if there's a match, access is denied.  If neither
matches, the the connection request is granted.

Upon looking at hosts_access(5), it looks as though your construct would
also work.  I believe you just need to change "proftpd" to "ftp".  If
I'm not mistaken, it's the service name, not the daemon name.

-- 
Bill Jonas    *    bill at billjonas.com    *    http://www.billjonas.com/
"As we enjoy great advantages from the inventions of others,  we should
be glad of an opportunity to serve others by any invention of ours; and
this we should do freely and generously."          -- Benjamin Franklin




More information about the svlug mailing list