hosts.allow/deny

**investsource** · 09-28-2009 04:31 PM

Hi,

I have a problem. I set up Host Access Control (block IP access) to block ALL FTP requests except a couple specific IP addresses.

But when I try to use FTP client - it would still connect to FTP. Do you know why is this happening? Do I have to reboot the server or something?

Thank you!

**InstaCarma_Tech** · 09-29-2009 05:43 AM

Originally Posted by investsource

Hi,

I have a problem. I set up Host Access Control (block IP access) to block ALL FTP requests except a couple specific IP addresses.

But when I try to use FTP client - it would still connect to FTP. Do you know why is this happening? Do I have to reboot the server or something?

Thank you!

You do not need to reboot the server but you might need to save the rules (service iptables save) / restart the firewall.

**brianoz** · 09-29-2009 10:33 PM

Originally Posted by InstaCarma_Tech

You do not need to reboot the server but you might need to save the rules (service iptables save) / restart the firewall.

InstaCarma_Tech, you missed that he's using hosts.allow/deny. These files don't work with all applications, they have to be coded specially to use them and hosts.allow and deny have now been superseded with iptables. I wouldn't recommend using them for anything.

Unfortunately, you'll have to use iptables to do the job, but the good news is it applies to all applications on the server. You may be able to go to configserver.com and install CSF which is a set of tools that make iptables much, much easier; but do spend the time reading the notes and fine tuning it.

**InstaCarma_Tech** · 09-30-2009 02:52 AM

You are right Brianoz..I missed that. But yeah, what I was suggesting was indeed iptables or a firewall like CSF

**votethehost.com** · 10-02-2009 04:17 PM

Well, you can do this easily with hosts.allow/deny

===========================================
open /etc/hosts.deny

and the following line in it

service_name: ALL
===========================================
The above entry will deny access from all IP's to the specified server EXCEPT the IP's allowed in file /etc/hosts.allow

Now open /etc/hosts.allow

and add the following:

===========================================
Open /etc/hosts.allow

and the following line in it

service_name: IP here (xx.xx.xx.xx)

===========================================
Doing this the specified service will be blocked for all IP's except the one specified in hosts.allow file.

Hope this helps you

**Spiral** · 10-02-2009 04:55 PM

Hosts.deny is not the best choice if you went to only block specific services!

This would be better done with a firewall rule, such as:

Code:

# iptables -A INPUT -s ! x.x.x.x -p tcp --dport 21 -j REJECT

"x.x.x.x" in the above example would be the IP Address or CIDR Range
that you want to allow to have FTP access and all others are rejected.

If you forget the "!" above then the logic is reversed and the IP address or CIDR range becomes the specific address(es) you want to block.

LinkBack

Thread Tools

hosts.allow/deny

clear hosts allow/deny script.

hosts.deny not doing a $%^% thing, Any ideas?

BFD and hosts.deny

Deny hosts

hosts.deny