justinm99
asked on
Shell script question
Hi Guys,
I'm setting up a restricted access server which will only allow access to a list of ip addresses. Here's the xinetd config:
# cat /etc/xinetd.d/vsftp
#xinetd config for vsftpd
service ftp
{
socket_type = stream
wait = no
user = root
server = /usr/sbin/vsftpd
only_from = 192.168.2.1 192.168.2.99
nice = 10
disable = no
}
I'm also going to have a text file with a list of addresses, it will look something like this:
# cat iplist
192.168.2.1
192.168.2.99
192.168.2.100
What I need to do is write a script that deletes the addresses after "only_from = " and then adds all the addresses from the list, and instead of going to the next line the addresses will be separated by spaces.
Any ideas?
Thanks!
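One way to do what the question asks, as an added example that is not part of the original post: read the iplist file, check every line, join the addresses with single spaces, and rewrite only the only_from line of the xinetd service file. The file names are assumptions taken from the question, and only plain dotted-quad IPv4 addresses are accepted because that is all the question's list contains (xinetd's only_from also takes CIDR blocks, netmasks and host names, which this script deliberately refuses so a stray character cannot widen access unnoticed).

```shell
#!/bin/sh
# Added example, not part of the original post: rebuild the only_from line of
# an xinetd service file from an iplist file (one address per line), joining
# the addresses with single spaces as xinetd expects. Every line is validated
# before anything is written, and the config is replaced atomically.
# File names below are assumptions for the demo.
set -eu

# True if $1 is a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { bad = 1 }
        NF == 4 { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) bad = 1 }
        END { exit bad ? 1 : 0 }'
}

# Print the addresses of list file $1 on one line separated by spaces.
# Blank lines and # comments are skipped; anything else that is not an
# IPv4 address aborts, since a typo here changes who may reach the service.
build_only_from() {
    hosts=""
    while read -r ip || [ -n "$ip" ]; do
        case $ip in ''|'#'*) continue ;; esac
        valid_ipv4 "$ip" || { echo "build_only_from: bad address in $1: $ip" >&2; return 1; }
        hosts="${hosts:+$hosts }$ip"
    done < "$1"
    [ -n "$hosts" ] || { echo "build_only_from: $1 has no addresses; not writing an empty only_from" >&2; return 1; }
    printf '%s\n' "$hosts"
}

# Replace the value of the only_from line in xinetd config $1 with $2, keeping
# the rest of the file (and the line's indentation) unchanged. The new file is
# built in a temporary copy that keeps the original's mode, then renamed into
# place, so xinetd never sees a half-written config.
update_only_from() {
    cfg=$1; hosts=$2
    grep -q '^[[:space:]]*only_from[[:space:]]*=' "$cfg" \
        || { echo "update_only_from: no only_from line in $cfg" >&2; return 1; }
    tmp=$(mktemp "$cfg.XXXXXX")
    cp -p "$cfg" "$tmp"          # carry over mode and timestamps
    awk -v hosts="$hosts" '
        /^[ \t]*only_from[ \t]*=/ {
            match($0, /^[ \t]*/)
            print substr($0, 1, RLENGTH) "only_from = " hosts
            next
        }
        { print }' "$cfg" > "$tmp"
    mv "$tmp" "$cfg"
}

# --- Demo on constructed copies of the files shown in the question ---
work=$(mktemp -d)
cat > "$work/vsftp" <<'EOF'
#xinetd config for vsftpd
service ftp
{
    socket_type = stream
    wait = no
    user = root
    server = /usr/sbin/vsftpd
    only_from = 192.168.2.1 192.168.2.99
    nice = 10
    disable = no
}
EOF
printf '%s\n' 192.168.2.1 192.168.2.99 192.168.2.100 > "$work/iplist"

hosts=$(build_only_from "$work/iplist")
update_only_from "$work/vsftp" "$hosts"
grep only_from "$work/vsftp"   # the only_from line now carries all three addresses
rm -rf "$work"
```

On a real system the two calls would be `update_only_from /etc/xinetd.d/vsftp "$(build_only_from iplist)"` followed by reloading xinetd; because the list is validated first and the file is renamed into place, a bad list leaves the existing config untouched rather than half-edited.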
How about just using /etc/hosts.allow or /etc/hosts.deny? You can specify port numbers and IP addresses of hosts that are explicitly allowed or denied. Just do a "man hosts.allow" to get information on the syntax.
The best way to restrict access to a server is using iptables.
For example, to restrict access to ftp.
You can use shell scripts as:
# the FTP control channel is tcp/21 (25 is SMTP)
iptables -A INPUT -p tcp -m tcp -s 192.168.2.1 --dport 21 -j ACCEPT
iptables -A INPUT -p tcp -m tcp -s 192.168.2.99 --dport 21 -j ACCEPT
iptables -A INPUT -p tcp -m tcp -s 192.168.2.100 --dport 21 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 21 -j REJECT
Or, if you want to use the list of addresses in the iplist file, then you could use this script:
# one iptables call per line of iplist (running the generated commands through a single
# backtick substitution would pass them all as arguments of one iptables invocation)
while read -r ip; do iptables -A INPUT -p tcp -m tcp -s "$ip" --dport 21 -j ACCEPT; done < iplist
iptables -A INPUT -p tcp -m tcp --dport 21 -j REJECT
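A hardened version of the list-driven firewall approach in the answer above, as an added example and not the answerer's code: it prints the iptables commands instead of running them (so they can be reviewed, or piped to sh), validates each list entry so a typo cannot become a malformed or over-broad rule, and puts the rules in a dedicated chain so re-running replaces the list instead of appending more rules to INPUT each time. The file names and the chain name FTP-ALLOW are assumptions; entries may be single addresses or CIDR blocks, since iptables -s accepts both.

```shell
#!/bin/sh
# Added example, not the answerer's code: turn an iplist file into an
# iptables script that admits the FTP control port (tcp/21) only from the
# listed sources and rejects everyone else. Rules live in their own chain
# (FTP-ALLOW, an assumed name) so the list can be reloaded cleanly.
set -eu

# True if $1 is a dotted-quad IPv4 address, optionally with a /0-32 prefix.
valid_cidr4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' || return 1
    pfx=${1##*/}
    [ "$pfx" = "$1" ] && pfx=32                  # no slash: a single host
    [ "$pfx" -le 32 ] || return 1
    IFS=. read -r a b c d <<EOF
${1%%/*}
EOF
    for octet in "$a" "$b" "$c" "$d"; do [ "$octet" -le 255 ] || return 1; done
}

# Print (do not run) the iptables commands for the list in $1.
# Blank lines and # comments are skipped; any other line that is not a valid
# address or CIDR block aborts before a single command is emitted for it.
gen_ftp_rules() {
    list=$1; n=0
    echo 'iptables -N FTP-ALLOW 2>/dev/null || true   # create the chain once'
    echo 'iptables -F FTP-ALLOW                        # then rebuild it from the list'
    while read -r ip || [ -n "$ip" ]; do
        case $ip in ''|'#'*) continue ;; esac
        valid_cidr4 "$ip" || { echo "gen_ftp_rules: bad address in $list: $ip" >&2; return 1; }
        echo "iptables -A FTP-ALLOW -s $ip -p tcp -m tcp --dport 21 -j ACCEPT"
        n=$((n + 1))
    done < "$list"
    [ "$n" -gt 0 ] || { echo "gen_ftp_rules: $list has no addresses, refusing to lock everyone out" >&2; return 1; }
    echo 'iptables -A FTP-ALLOW -p tcp -m tcp --dport 21 -j REJECT --reject-with tcp-reset'
    # hook the chain into INPUT exactly once (-C only checks whether the rule exists)
    echo 'iptables -C INPUT -p tcp -m tcp --dport 21 -j FTP-ALLOW 2>/dev/null ||'
    echo '    iptables -I INPUT -p tcp -m tcp --dport 21 -j FTP-ALLOW'
}

# --- Demo on a constructed iplist: the question's hosts plus a comment and a subnet ---
work=$(mktemp -d)
printf '%s\n' '# admin hosts' 192.168.2.1 192.168.2.99 192.168.2.100 10.0.5.0/24 > "$work/iplist"
gen_ftp_rules "$work/iplist"     # review the output; apply with: gen_ftp_rules iplist | sh
rm -rf "$work"
```

Two caveats for a real deployment. Port 21 is only the FTP control channel: active and passive data connections need either the kernel's nf_conntrack_ftp helper together with a RELATED,ESTABLISHED accept rule, or explicit rules for the passive range vsftpd is configured with (pasv_min_port/pasv_max_port). And because the ACCEPT rules match on source address alone, they are only as strong as the network's protection against address spoofing; they complement, rather than replace, the xinetd only_from list.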