ChanYiuPong
asked on
Host.Allow, Host.Deny
I want to refuse a whole set of IP from all services except sending email to us.
eg. IP 89.
In the host.allow file :
sendmail: 89.
In the host.deny file:
ALL: 89.
Is this correct ?
eg. IP 89.
In the host.allow file :
sendmail: 89.
In the host.deny file:
ALL: 89.
Is this correct ?
ASKER
But will the ALL override the sendmail. Do you mean that when it saw sendmail in host.allow with the IP, then it will not check host.deny ?
ASKER
And I should use "sendmail" and not "email" or something like that ?
--------/etc/hosts.allow-- ------
ALL : attack_ip : DENY
sendmail : attack_ip : DENY
smtp : attack_ip : DENY
please check this
ALL : attack_ip : DENY
sendmail : attack_ip : DENY
smtp : attack_ip : DENY
please check this
I agree with ssvl. The allow is parsed before deny. Also just put a sendmail allow and not smtp as it is handled by the sendmail daemon.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
order is this:
1. Allow the connection if it matches a line in hosts.allow. End.
2. Deny the connection if it maches a ling in hosts.deny. End.
3. Allow the connection.
Since the default is to allow any connection that doesn't match,