At 14:56 14/01/01, you wrote:
>Using "all:all" in /etc/hosts.deny and "all:local 192.168" in /etc/hosts.allow
>seems to kill swat (Samba web admin) and ssh (connections are immediately
>closed) while allowing other traffic such as cups web admin. Any ideas how to
>securely work around this or why it is happening?
>
>Thanks!
>
>John LeMay Jr.
>Senior Enterprise Consultant
>NJMC, LLC.

There must be a different reason why those daemons get killed off, because they are not linked in any way to /etc/hosts.*.

The tcpd daemon uses /etc/hosts.* as its config files to see what is blocked and what's let thru, but this is only done through the inetd daemon stuff, such as telnet, ftp etc... but not services which run on their own, such as httpd, samba, sshd and I assume swat as well.

For example this is a line for the pop3 server:

pop-3 stream tcp nowait root /usr/sbin/tcpd ipop3d

inetd is woken up by a connection attempt at port 110, then it starts up tcpd, which checks /etc/hosts.* and then decides whether or not to start up the pop3 daemon.

So since swat and ssh shouldn't be started from inetd anyway the fact that /etc/httpd.* contain all:all means nothing, coz that only affects services defined in /etc/inetd.conf.

Try looking through the logs in /var/log and check if there is any reason mentioned why those 2 services are dying.

If you really want to block all ports and only let some through you should use ipchains.

Sadin Nurkic
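
An added example, not part of either message and not tcpd's own code: a simplified Python model of the hosts_access(5) matching that tcpd applies to the two files, run against the rule lines quoted above. The client names and addresses are constructed, and only the ALL, LOCAL, leading-dot, trailing-dot and exact-match patterns are modelled.

```python
# Simplified model of hosts_access(5) matching; an illustration, not the tcpd source.

def client_matches(pattern, name, addr):
    """name: resolved host name or None if lookup failed; addr: dotted-quad string."""
    p = pattern.lower()
    if p == "all":
        return True
    if p == "local":                    # host name that contains no dot
        return name is not None and "." not in name
    if p.startswith("."):               # domain suffix, e.g. .example.org
        return name is not None and name.lower().endswith(p)
    if p.endswith("."):                 # address prefix, e.g. 192.168.
        return addr.startswith(p)
    # Anything else is compared as an exact name or address, so "192.168"
    # without the trailing dot does not act as a network prefix.
    return p in (addr, (name or "").lower())


def rule_matches(rule, daemon, name, addr):
    """rule has the form 'daemon_list : client_list' (blanks or commas separate items)."""
    daemons, clients = (part.replace(",", " ").split() for part in rule.split(":", 1))
    daemon_ok = any(d.lower() in ("all", daemon.lower()) for d in daemons)
    return daemon_ok and any(client_matches(c, name, addr) for c in clients)


def access(allow_rules, deny_rules, daemon, name, addr):
    """hosts.allow is searched first, then hosts.deny; no match at all means allow."""
    if any(rule_matches(r, daemon, name, addr) for r in allow_rules):
        return "allow"
    if any(rule_matches(r, daemon, name, addr) for r in deny_rules):
        return "deny"
    return "allow"


DENY = ["all:all"]                       # /etc/hosts.deny as quoted
ALLOW_AS_POSTED = ["all:local 192.168"]  # /etc/hosts.allow as quoted
ALLOW_WITH_DOT = ["all:local 192.168."]  # same rule written as an address prefix

if __name__ == "__main__":
    # Constructed clients: (resolved name or None, address)
    for name, addr in [(None, "192.168.1.20"), ("fileserver", "192.168.1.20"),
                       ("host.example.org", "10.0.0.5")]:
        print(name, addr,
              access(ALLOW_AS_POSTED, DENY, "ipop3d", name, addr),
              access(ALLOW_WITH_DOT, DENY, "ipop3d", name, addr))
```
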