[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Host.Allow, Host.Deny

Posted on 2007-11-21
6
Medium Priority
?
2,170 Views
Last Modified: 2013-12-17
I want to refuse a whole set of IP from all services except sending email to us.
eg. IP 89.
In the host.allow file :
sendmail: 89.

In the host.deny file:
ALL: 89.

Is this correct ?

0
Comment
Question by:ChanYiuPong
6 Comments
 
LVL 10

Expert Comment

by:ssvl
ID: 20332903
Yes you are right


order is this:

1. Allow the connection if it matches a line in hosts.allow. End.

2. Deny the connection if it maches a ling in hosts.deny. End.

3. Allow the connection.

Since the default is to allow any connection that doesn't match,
0
 

Author Comment

by:ChanYiuPong
ID: 20333429
But will the ALL override the sendmail. Do you mean that when it saw sendmail in host.allow with the IP, then it will not check host.deny ?
0
 

Author Comment

by:ChanYiuPong
ID: 20333441
And I should use "sendmail" and not "email" or something like that ?
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 3

Expert Comment

by:amirs80
ID: 20333541
--------/etc/hosts.allow--------
ALL : attack_ip : DENY
sendmail : attack_ip : DENY
smtp : attack_ip : DENY

please check this
0
 
LVL 3

Expert Comment

by:mediaonegraphics
ID: 20338630
I agree with ssvl. The allow is parsed before deny. Also just put a sendmail allow and not smtp as it is handled by the sendmail daemon.
0
 
LVL 10

Accepted Solution

by:
ssvl earned 1500 total points
ID: 20345982
But will the ALL override the sendmail. Do you mean that when it saw sendmail in host.allow with the IP, then it will not check host.deny

Yes(it check and reject the 2nd occurrence.)



And I should use "sendmail" and not "email" or something like that ?

You should use a service name

FYR
http://www.softpanorama.org/Net/xinetd_and_tcp_wrappers.shtml
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
Steps to fix error: “Couldn’t mount the database that you specified. Specified database: HU-DB; Error code: An Active Manager operation fail”
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Suggested Courses
Course of the Month19 days, 5 hours left to enroll

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question