In the Usenet newsgroup comp.os.linux.networking, in article
<(E-Mail Removed). com>,
(E-Mail Removed) wrote:
>I hate to seem like I'm "crying wolf", but the following
>hosts.deny is still letting the occasional person through.
Possible syntax error (see below)
>My hosts.allow is empty. I am starting to wonder if there is
>a software bug.
I'd really recommend running in the opposite mode. Populate the
/etc/hosts.allow file, and set /etc/hosts.deny to just 'ALL: ALL'.
In that way, if you make a mistake, the default is to deny, rather than
letting it fall all the way through and pass.
>httpd, sshd: 80., 209., 210., 211., 212., 213., 214., 215., 216., 217.,
>218., 60
>.36., 195.70., 202., 203.,204.,205.,206.,207.,208.,201.
Is that one line only? If not, the newlines have to be escaped.
You could simplify this using a mask value. 200.0.0.0/248.0.0.0 and
208.0.0.0/240.0.0.0 would cover the range 200.0.0.0 - 223.255.255.255
in just two entries, but a lot better solution would be to list the
blocks that you wish to _allow_ rather than those you wish to block.
For what it's worth, 195.70.x.x is allocated to seven different countries
(AT, CH, CZ, HU, NO, RU, UK), and 60.36 is part of 60.32.0.0/255.240.0.0
and allocated to JP.
>I've gotten people getting through this from 206.* and other places.
"through this" how? What daemon and application are they connecting to?
Personally, I block with the firewall, rather than tcp_wrappers.
Remember, not all applications use tcp_wrappers (either directly or
through libwrap) - but the firewall gets there first.
Old guy
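
Added example, not part of the original post: a simplified Python model of hosts_access(5) matching (prefix patterns, net/mask pairs, backslash continuation), run on the rule quoted above as wrapped and as escaped, and on the two mask entries from the reply. It assumes a line without a ':' separator is skipped as an unusable rule; the function names and sample constants are made up for this illustration.

```python
import ipaddress

# Constructed sample: the rule as quoted in the post, wrapped over three lines.
WRAPPED = ("httpd, sshd: 80., 209., 210., 211., 212., 213., 214., 215., 216., 217.,\n"
           "218., 60\n"
           ".36., 195.70., 202., 203.,204.,205.,206.,207.,208.,201.\n")
# Same rule with every newline escaped by a backslash.
ESCAPED = WRAPPED.rstrip("\n").replace("\n", "\\\n") + "\n"
# The two net/mask entries suggested in the reply.
MASKS = "sshd: 200.0.0.0/248.0.0.0, 208.0.0.0/240.0.0.0\n"

def split_list(s):
    """List elements are separated by blanks and/or commas."""
    return s.replace(",", " ").split()

def load_rules(text):
    """Return (rules, skipped). Assumption: a line without ':' is skipped."""
    rules, skipped = [], []
    for line in text.replace("\\\n", "").splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if ":" not in line:
            skipped.append(line)
            continue
        daemons, clients = line.split(":")[:2]
        rules.append((split_list(daemons), split_list(clients)))
    return rules, skipped

def client_matches(pattern, addr):
    if pattern == "ALL":
        return True
    if "/" in pattern:  # n.n.n.n/m.m.m.m: match when (addr AND mask) == net
        net, mask = (int(ipaddress.IPv4Address(p)) for p in pattern.split("/"))
        return (int(ipaddress.IPv4Address(addr)) & mask) == net
    if pattern.endswith("."):  # "206." matches on the leading numeric fields
        return addr.startswith(pattern)
    return pattern == addr

def denied(text, daemon, addr):
    """True if any rule in a hosts.deny-style text matches daemon and addr."""
    rules, _ = load_rules(text)
    return any((daemon in d or "ALL" in d) and
               any(client_matches(p, addr) for p in c) for d, c in rules)

if __name__ == "__main__":
    for name, text in (("wrapped", WRAPPED), ("escaped", ESCAPED)):
        print(name, "skipped:", load_rules(text)[1],
              "206.10.20.30 denied:", denied(text, "sshd", "206.10.20.30"))
```

In this model the unescaped wrap leaves only the first line as a rule, so 206.* is not denied until the newlines are escaped.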