allow and hosts.deny files. Here's the
/etc/hosts.allow file:
#
# hosts.allow This file describes the names of the hosts are
# allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
cups-lpd: 199.170.177.
in.telnetd: 199.170.177., .linuxtoys.net
vsftpd: ALL
Here's the /etc/hosts.deny file:
#
# hosts.deny This file describes names of the hosts which are
# *not* allowed to use the local INET services, as
# decided by the '/usr/sbin/tcpd' server.
#
ALL: ALL
The preceding example is a rather restrictive configuration. It allows connections to the cups-lpd
and telnet services from certain hosts, but then denies all other connections. It also allows connections
to the FTP service (vsftpd) from all hosts. Let's examine the files in detail.
As usual, lines beginning with a # character are comments and are ignored by xinetd or inetd when
it parses the file. Each noncomment line consists of a comma-separated list of daemons followed
by a colon (:) character and then a comma-separated list of client addresses to check. In this context,
a client is any computer that attempts to access a network service on your system.
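As an added example (not from the book), the following Python code parses the two files shown above and decides access in the order documented in hosts_access(5): hosts.allow is checked first, then hosts.deny, and a client that matches neither is granted access. The function names and the client addresses used to exercise it are assumptions made for illustration, and the hostname argument is assumed to be already resolved and verified.

```python
# Added example: the page's two files, embedded inline (comments shortened).
HOSTS_ALLOW = """\
# hosts.allow
cups-lpd: 199.170.177.
in.telnetd: 199.170.177., .linuxtoys.net
vsftpd: ALL
"""
HOSTS_DENY = """\
# hosts.deny
ALL: ALL
"""

def parse_rules(text):
    """Return [(daemon_list, client_list)] for each noncomment line."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue                       # comments and blank lines are ignored
        fields = line.split(":")
        if len(fields) < 2:
            continue                       # no colon: not a usable rule
        daemons = [d.strip() for d in fields[0].split(",") if d.strip()]
        clients = [c.strip() for c in fields[1].split(",") if c.strip()]
        rules.append((daemons, clients))
    return rules

def client_matches(pattern, ip, hostname):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):              # address prefix, e.g. 199.170.177.
        return ip.startswith(pattern)
    host = (hostname or "").lower()
    if pattern.startswith("."):            # domain suffix, e.g. .linuxtoys.net
        return host.endswith(pattern.lower())
    return pattern == ip or pattern.lower() == host

def any_rule_matches(rules, daemon, ip, hostname):
    return any(("ALL" in daemons or daemon in daemons)
               and any(client_matches(c, ip, hostname) for c in clients)
               for daemons, clients in rules)

def access_allowed(daemon, ip, hostname=None, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    if any_rule_matches(parse_rules(allow), daemon, ip, hostname):
        return True                        # a match in hosts.allow grants access
    if any_rule_matches(parse_rules(deny), daemon, ip, hostname):
        return False                       # otherwise a match in hosts.deny refuses it
    return True                            # no match in either file: granted
```

With both files empty the last branch applies and every connection is granted, which is why the ALL: ALL line in hosts.deny is what makes this configuration restrictive.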
A client entry can be a numeric IP address (such as 199.170.177.25) or a hostname (such as
jukebox.