blocking ftp

[pajordan]

i want allow only certain hosts to be able to ftp to a debian linux server.

searching online, i've seen suggestions to use hosts.allow

i am not sure how to do this; if i add a line:
in.ftpd: ###.###.###.###: ALLOW
in.ftpd: ALL: DENY

(where ###.###.###.### is the ip address)

this seems to have no effect; i can still connect via ftp from hosts that do not have the desired ip address.

any suggestions?

[bigtomrodney]

Your entry for ftpd might be better off located in /etc/hosts.deny

Anything found in /etc/hosts.allow first will be allowed past. You can also try the option PARANOID rather than DENY e.g.

Code:

in.ftpd:ALL:PARANOID

I think most people do this stuff through IPTables these days anyway. It might be easier to set up a rule in there, I don't see that many people using /etc/hosts.* anymore personally.

[newd to linux]

If you don't want ANYONE to ftp to your machine, don't mess with tcpwrappers. Instead, go to your /etc/inetd.conf file and comment out ftpd. Better yet, uninstall the ftp server on the machine. Then use iptables to drop connections on port 21.

Why run an ftp daemon that you don't want to use?

Why leave the port open?

Screw tcpwrappers and /etc/hosts.allow and /etc/hosts.deny... Forget the bandaid solutions and eradicate the problem.

[iwanabeguru]

newd to linux:
You read first before write, i hope you aren't a write only user.
He want provide a ftp service but just for certain hosts.

[iwanabeguru]

On a static ip network you can use iptables for dropping connections from unwanted hosts.
iptables -A INPUT -p tcp --dport 21 -s xxx.xxx.xxx.xxx -j ACCEPT
.
.
.
iptables -A INPUT -p tcp --dport 21 -j DROP

this will allow the package from the specified host.

2.
May the system will recognize the new options after a reboot.

3.
hosts.deny won't block access - Ubuntu Forums