View Poll Results: Do you prefer xinetd or tcpwrappers?

Voters: 5
  • xinetd: 0 (0%)
  • tcpwrappers: 2 (40.00%)
  • both: 1 (20.00%)
  • I just trust my firewall and pray: 2 (40.00%)

  1. #1
    Just Joined!
    Join Date
    Jul 2003
    Posts
    2

    Need help with configuring hosts.allow and hosts.deny


    Hello ppl!

    I was reading the man pages for hosts.allow and hosts.deny, but have a hard time understanding how the naming convention for services works.

    I want to add ALL: ALL in hosts.deny, and add rules to hosts.allow to enable the following ports ONLY access from outside:

    httpd (port 80) access to all
    pop3 access
    smtp access (I use qmail)
    sshd
    and mysqld (3306)

    I also have no idea how I can tell which services are being "supervised" by tcpwrappers. If I should make all my services run through xinetd instead/as well or not.

    Basically, I want to secure up my box and need some help!

    Thanks a bunch,
    The Mutha.

  2. #2
    Linux Guru
    Join Date
    Apr 2003
    Location
    London, UK
    Posts
    3,284
    As far as I was aware it was only services that provided an interactive login, such as SSHD, which used tcp wrappers?

    I use iptables to control exactly what goes in and out, from which IP addresses can access what ports etc., and I am more than confident this method provides a suitable level of security for me.

    Jason

  3. #3
    Just Joined!
    Join Date
    Jul 2003
    Posts
    2
    How does IPTABLES work? I want to limit my machine like a firewall. I.e. only allow input for

    web port
    pop3 port
    smtp port
    ping port
    mysql port (3306)
    ssh port

    Does iptables need a special daemon to be running, and if so, what? Please give some examples if possible.

    thanks!

  4. #4
    Linux Guru
    Join Date
    Apr 2003
    Location
    London, UK
    Posts
    3,284
    iptables is a command line tool which allows you to limit access to ports on your machine using a series of rules which you create. To fully appreciate iptables, it cannot be explained in a sentence. Have a look here for a collection of howto's and tutorials:
    http://www.netfilter.org/documentation/index.html#HOWTO

    You may see some stuff relating to "ipchains", this is the older implementation of iptables. Use iptables where possible, as it provides more features and greater control over your firewall.

    Jason

  5. #5
    Just Joined!
    Join Date
    Aug 2003
    Posts
    5

    Re: Need help with configuring hosts.allow and hosts.deny

    Quote Originally Posted by the_mutha
    Hello ppl!

    I was reading the man pages for hosts.allow and hosts.deny, but have a hard time understanding how the naming convention for services works.

    I want to add ALL: ALL in hosts.deny, and add rules to hosts.allow to enable the following ports ONLY access from outside:

    httpd (port 80) access to all
    pop3 access
    smtp access (I use qmail)
    sshd
    and mysqld (3306)

    I also have no idea how I can tell which services are being "supervised" by tcpwrappers. If I should make all my services run through xinetd instead/as well or not.

    Basically, I want to secure up my box and need some help!

    Thanks a bunch,
    The Mutha.

    naming convention:
    sendmail : localhost : allow
    ftpd: 192.168.1.1/255.255.255.0: allow

    You can only use qmail with tcp_wrapper if it's starting from inetd. Qmail recommends you do not start it that way.

    Why would you want to deny web viewers to your web site?
    If you must deny, use the .htaccess file.

    Like the other author mentioned, iptables is a wise choice.
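
The lookup order behind the "ALL: ALL in hosts.deny plus exceptions in hosts.allow" setup asked about in this thread, as an added example that is not part of any post: a simplified Python model of the hosts_access(5) decision for IPv4 client addresses, including the net/mask rule that `net` must equal the address ANDed with the mask. The rule files are constructed samples and the function names are hypothetical.

```python
import ipaddress

# Constructed sample rule files (not from the thread). Daemon names are the
# server process names (sshd, ftpd), not port numbers.
HOSTS_ALLOW = """\
sshd: 192.168.1.0/255.255.255.0
ftpd: 192.168.1.1/255.255.255.0
ftpd: 10.0.0.
"""
HOSTS_DENY = "ALL: ALL\n"

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def client_matches(pattern, addr):
    """Match one client pattern against a dotted-quad IPv4 address."""
    if pattern == "ALL":
        return True
    if "/" in pattern:
        # net/mask: matches only when net == (address AND mask), so a net
        # with host bits set (192.168.1.1/255.255.255.0) matches nothing.
        net, mask = pattern.split("/", 1)
        return (_ip(addr) & _ip(mask)) == _ip(net)
    if pattern.endswith("."):
        return addr.startswith(pattern)     # address prefix such as "10.0.0."
    return pattern == addr

def file_matches(text, daemon, addr):
    """True if any 'daemon_list : client_list' line matches the pair."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Option fields after a second ':' (such as ': allow') are ignored here.
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        if any(d in ("ALL", daemon) for d in daemons) and \
           any(client_matches(c, addr) for c in clients):
            return True
    return False

def allowed(daemon, addr, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow match grants; else hosts.deny match refuses; else grant."""
    if file_matches(allow, daemon, addr):
        return True
    return not file_matches(deny, daemon, addr)
```

The model only describes daemons that actually consult tcp wrappers (linked against libwrap or started through tcpd); a server that does not is unaffected by either file.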
