On 25/10/2010, at 12:41 PM, Michael wrote:
> On 10/22/2010 01:16 AM, Tapas Mishra wrote:
>> I wanted to know if there is any place where people have shared these
>> IPs which needs to be blocked I feel most of the time the entries must
>> be common though not always. So if a hosts.deny file is shared somewhere
>> then give a link. (I do use auth.log to note IPs to block)
>>
>>
>
> I have a bunch of entries in my hosts file with the 127.0.0.1 line
> added. I have always seen the hosts.deny and hosts.allow files but
> never know how to use them. When I google hosts.deny it says something
> about blocking a range of IP addresses. Is it safe to assume that using
> hosts.deny is more effective/better than just adding entries to the
> hosts file?
The /etc/hosts.{allow,deny} are part of tcp wrappers (i.e., inetd/xinetd) and
have very little to do with host resolution (which is what /etc/hosts is for).
Normally, when I need to block an IP address I throw it at iptables (the
firewall) which is the correct place for it in a lot of (read "most")
situations.
However, if Tapas Mishra (the OP) is trying to use tcp wrappers to limit access
to certain services, then sharing /etc/hosts.{allow,deny} via NFS etc, then
symlink /etc/hosts.{allow,deny} to /path/to/NFS/hosts.{allow,deny} should work.
Keep in mind the inetd/xinetd will probably need a SIGHUP (at least) to pick up
any changes in these files - I can't say for certain, I don't use inetd/xinetd
for anything these days, and can't remember its nuances. HUPing the
inetd/xinetd on each host is rather onerous and will probably lead to service
interruptions. YMMV
Cheers,
James
--
ubuntu-server mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
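An added example (mine, not James's or the list's) that turns the auth.log entries Tapas mentions into the two blocking forms discussed above: tcp-wrappers hosts.deny lines and the iptables rule James prefers. It assumes OpenSSH syslog-format auth.log lines and an sshd linked against libwrap (without libwrap, hosts.deny is never consulted and only the firewall rule applies); the sample log lines are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes OpenSSH-style auth.log lines and an
# sshd built with libwrap; hosts.deny is ignored by daemons that do not use it.

# Constructed sample auth.log lines (not real data).
SAMPLE_AUTH_LOG='Oct 25 12:01:02 host sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Oct 25 12:01:04 host sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 51236 ssh2
Oct 25 12:01:06 host sshd[1235]: Failed password for root from 203.0.113.5 port 51240 ssh2
Oct 25 12:02:00 host sshd[1240]: Failed password for root from 198.51.100.9 port 40000 ssh2
Oct 25 12:03:00 host sshd[1241]: Accepted publickey for james from 192.0.2.10 port 40001 ssh2'

# Print the source IPs with at least $1 failed password attempts,
# one per line, most failures first. Accepted logins never match.
offending_ips() {
    threshold=$1
    printf '%s\n' "$SAMPLE_AUTH_LOG" \
      | sed -n 's/.*sshd\[[0-9]*\]: Failed password for .* from \([0-9.]*\) port .*/\1/p' \
      | sort | uniq -c | sort -rn \
      | awk -v t="$threshold" '$1 >= t { print $2 }'
}

# hosts.deny syntax is "daemon_list : client_list". "sshd" must match the
# daemon's process name, and hosts.allow is consulted first, so an entry
# there for the same client would override this denial.
hosts_deny_lines() {
    offending_ips "$1" | awk '{ print "sshd : " $1 }'
}

# The equivalent firewall rule James recommends. -I inserts at the head of
# INPUT so it is evaluated before any ACCEPT rule. Commands are printed,
# not executed, so the output can be reviewed before it is applied.
iptables_commands() {
    offending_ips "$1" | awk '{ print "iptables -I INPUT -s " $1 " -p tcp --dport 22 -j DROP" }'
}
```

Running `hosts_deny_lines 3` lists only 203.0.113.5, which had three failures; the single-failure host 198.51.100.9 appears only once the threshold is lowered to 1.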