Solved

Host.Allow, Host.Deny

Posted on 2007-11-21
6
2,152 Views
Last Modified: 2013-12-17
I want to refuse a whole set of IP from all services except sending email to us.
eg. IP 89.
In the host.allow file :
sendmail: 89.

In the host.deny file:
ALL: 89.

Is this correct ?

0
Comment
Question by:ChanYiuPong
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 10

Expert Comment

by:ssvl
ID: 20332903
Yes you are right


order is this:

1. Allow the connection if it matches a line in hosts.allow. End.

2. Deny the connection if it maches a ling in hosts.deny. End.

3. Allow the connection.

Since the default is to allow any connection that doesn't match,
0
 

Author Comment

by:ChanYiuPong
ID: 20333429
But will the ALL override the sendmail. Do you mean that when it saw sendmail in host.allow with the IP, then it will not check host.deny ?
0
 

Author Comment

by:ChanYiuPong
ID: 20333441
And I should use "sendmail" and not "email" or something like that ?
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 3

Expert Comment

by:amirs80
ID: 20333541
--------/etc/hosts.allow--------
ALL : attack_ip : DENY
sendmail : attack_ip : DENY
smtp : attack_ip : DENY

please check this
0
 
LVL 3

Expert Comment

by:mediaonegraphics
ID: 20338630
I agree with ssvl. The allow is parsed before deny. Also just put a sendmail allow and not smtp as it is handled by the sendmail daemon.
0
 
LVL 10

Accepted Solution

by:
ssvl earned 500 total points
ID: 20345982
But will the ALL override the sendmail. Do you mean that when it saw sendmail in host.allow with the IP, then it will not check host.deny

Yes(it check and reject the 2nd occurrence.)



And I should use "sendmail" and not "email" or something like that ?

You should use a service name

FYR
http://www.softpanorama.org/Net/xinetd_and_tcp_wrappers.shtml
0

Featured Post

MIM Survival Guide for Service Desk Managers

Major incidents can send mastered service desk processes into disorder. Systems and tools produce the data needed to resolve these incidents, but your challenge is getting that information to the right people fast. Check out the Survival Guide and begin bringing order to chaos.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Unix process listing into CSV format 3 53
what do I need to host my own web sites? 13 67
SSH in linux 9 69
Shrink Linux Swap File Size CentOS 10 29
Utilizing an array to gracefully append to a list of EmailAddresses
Resolve DNS query failed errors for Exchange
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data‚Ķ
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question