Re: How to block access from specific sites.
On Wed, Dec 01, 1999 at 05:08:33PM -0700, Raphael Clancy wrote: > Is there a quick way (on a debian 2.0 system) to block specific > adresses from making inetd style connections (ie. ftp, telnet > etc?) my instincts tell me that is has to do with the > /etc/hosts.deny file. unfortunately I can't find any info on it > in the man pages, of course, some of mine may be missing (gotta > love getting other people's boxes). Along with all the other responses, you might look into the xinetd package. xinetd allows you the allow/deny specific services to specific hosts/networks, and let others through. -- Larry -- Larry Clapp / hm: [EMAIL PROTECTED] Great Southern Oxymorons: Grits connoisseur
Re: How to block access from specific sites.
*- On 2 Dec, Martin Fluch wrote about "Re: How to block access from specific sites." > -BEGIN PGP SIGNED MESSAGE- > > > On Wed, 1 Dec 1999, Ethan Benson wrote: > >> ALL: *.microsoft.com >> sshd: *.apple.com >> in.ftpd: 192.168.0.5 >> >> are some examples, you should get a pretty decent man page with man 5 >> hosts.deny if not then your man pages are broken :) >> >> (btw I don't remember for sure if the * is needed or not it probably >> isn't but i don't think it matters) > > It's done without a '*' (AFAIK) ... Martin > No wildcard is needed according to 'man 5 hosts_access'. · A string that begins with a `.´ character. A host name is matched if the last components of its name match the specified pattern. For example, the pat tern`.tue.nl´matchesthehostname `wzv.win.tue.nl´. · A string that ends with a `.´ character. A host address is matched if its first numeric fields match the given string. For example, the pattern `131.155.´ matches the address of (almost) every hoston the Eindhoven University network (131.155.x.x). -- Brian Servis -- Mechanical Engineering | Never criticize anybody until you Purdue University | have walked a mile in their shoes, [EMAIL PROTECTED] | because by that time you will be a http://www.ecn.purdue.edu/~servis | mile away and have their shoes.
Re: How to block access from specific sites.
-BEGIN PGP SIGNED MESSAGE- On Wed, 1 Dec 1999, Ethan Benson wrote: > ALL: *.microsoft.com > sshd: *.apple.com > in.ftpd: 192.168.0.5 > > are some examples, you should get a pretty decent man page with man 5 > hosts.deny if not then your man pages are broken :) > > (btw I don't remember for sure if the * is needed or not it probably > isn't but i don't think it matters) It's done without a '*' (AFAIK) ... Martin - -- Where do you want to go today? - As far from Redmond as possible! For public PGP-key: finger [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: 2.6.3ia Charset: noconv iQCVAwUBOEXLKLCGSMW7I2etAQHT7wQAp79sMxOd7bdVKLGPLQ8Q3p/MkdKIWgk9 r/Z3dqtCJbl0IALx07iLwLimLRfUtcdP+4uJs3NY2f+EDpp9CiZSUGGj8/iRyPv8 KxpdRzkPWs8iiiP9KQ3Pl+0VkFvra2u/mC4l+pLCcDFgxI9Bj6l6vhJIzUUp2pYA /varpOZaVpY= =KJAT -END PGP SIGNATURE-
Re: How to block access from specific sites.
-BEGIN PGP SIGNED MESSAGE- On Wed, 1 Dec 1999, Raphael Clancy wrote: > Is there a quick way (on a debian 2.0 system) to block specific > adresses from making inetd style connections (ie. ftp, telnet etc?) my > instincts tell me that is has to do with the /etc/hosts.deny file. > unfortunately I can't find any info on it in the man pages, of course, > some of mine may be missing (gotta love getting other people's boxes). man tcpd man hosts_access man hosts_options man inetd.conf Martin - -- Where do you want to go today? - As far from Redmond as possible! For public PGP-key: finger [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: 2.6.3ia Charset: noconv iQCUAwUBOEW637CGSMW7I2etAQEWiQP3SVsnUbDu6CBYr4usXu8NvBMY6SH7SNjs 1uPBZYlVxbwbt/Ov0Oucf6yMNdn5doubuR7eti7wgqH7pm3ZJazFDqy/yCKrXEp5 G4lZiS+xRLb8/TlxUG0oUn+13LlEcCM9fNYI/wtv3NUBg96dj3k+2NMAJqBehJQu rW14DHXDoA== =P/dP -END PGP SIGNATURE-
Re: How to block access from specific sites.
On 1/12/99 Raphael Clancy wrote: Is there a quick way (on a debian 2.0 system) to block specific adresses from making inetd style connections (ie. ftp, telnet etc?) my instincts tell me that is has to do with the /etc/hosts.deny file. unfortunately I can't find any info on it in the man pages, of course, some of mine may be missing (gotta love getting other people's boxes). ##hosts.deny ALL: *.microsoft.com sshd: *.apple.com in.ftpd: 192.168.0.5 are some examples, you should get a pretty decent man page with man 5 hosts.deny if not then your man pages are broken :) (btw I don't remember for sure if the * is needed or not it probably isn't but i don't think it matters) Ethan
RE: How to block access from specific sites.
On 02-Dec-1999 Raphael Clancy wrote: > Is there a quick way (on a debian 2.0 system) to block specific adresses > from making inetd style connections (ie. ftp, telnet etc?) my instincts tell > me that is has to do with the /etc/hosts.deny file. unfortunately I can't > find any info on it in the man pages, of course, some of mine may be missing > (gotta love getting other people's boxes). > > Thanks try 'man 5 hosts_access' (without quotes) -- Andrew
Re: How to block access from specific sites.
Hi Raphael Have u ever tried ipchains? This is a good tool for doing this, and a great resort for making firewalls. For example, u wanna block some packages that come from the network 192.160.50.*. So u must edit your /etc/init.d/network file, including this lines ipchains -A forward -s 192.160.50.0/32 -d "your network" -i eth0 -j DENY Regards Eber Diniz - Original Message - From: Raphael Clancy <[EMAIL PROTECTED]> To: Sent: Wednesday, December 01, 1999 10:08 PM Subject: How to block access from specific sites. > Is there a quick way (on a debian 2.0 system) to block specific adresses from making inetd style connections (ie. ftp, telnet etc?) my instincts tell me that is has to do with the /etc/hosts.deny file. unfortunately I can't find any info on it in the man pages, of course, some of mine may be missing (gotta love getting other people's boxes). > > Thanks > > R. > > > -- > Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] < /dev/null >
How to block access from specific sites.
Is there a quick way (on a debian 2.0 system) to block specific adresses from making inetd style connections (ie. ftp, telnet etc?) my instincts tell me that is has to do with the /etc/hosts.deny file. unfortunately I can't find any info on it in the man pages, of course, some of mine may be missing (gotta love getting other people's boxes). Thanks R.