
hosts.allow/deny

Discussion in 'General Discussion' started by investsource, Sep 28, 2009.

  1. investsource

    investsource Registered

    Hi,

    I have a problem. I set up Host Access Control (block IP access) to block ALL FTP requests except a couple specific IP addresses.

    But when I try to use an FTP client, it still connects to FTP. Do you know why this is happening? Do I have to reboot the server or something?

    Thank you!
     
  2. InstaCarma_Tech

    InstaCarma_Tech Well-Known Member

    You do not need to reboot the server but you might need to save the rules (service iptables save) / restart the firewall.
     
  3. brianoz

    brianoz Well-Known Member

    InstaCarma_Tech, you missed that he's using hosts.allow/deny. These files don't work with all applications; they have to be coded specially to use them, and hosts.allow and deny have now been superseded by iptables. I wouldn't recommend using them for anything.

    Unfortunately, you'll have to use iptables to do the job, but the good news is it applies to all applications on the server. You may be able to go to configserver.com and install CSF, which is a set of tools that make iptables much, much easier; but do spend the time reading the notes and fine-tuning it.
     
  4. InstaCarma_Tech

    InstaCarma_Tech Well-Known Member

    You are right, Brianoz. I missed that. But yeah, what I was suggesting was indeed iptables or a firewall like CSF :)
     
  5. votethehost.com

    votethehost.com Active Member

    Well, you can do this easily with hosts.allow/deny

    ===========================================
    open /etc/hosts.deny

    add the following line in it

    service_name: ALL
    ===========================================

    The above entry will deny access from all IPs to the specified server EXCEPT the IPs allowed in file /etc/hosts.allow

    Now open /etc/hosts.allow

    and add the following:

    ===========================================
    Open /etc/hosts.allow

    add the following line in it

    service_name: IP here (xx.xx.xx.xx)

    ===========================================
    Doing this, the specified service will be blocked for all IPs except the one specified in the hosts.allow file.

    Hope this helps you :)
     
  6. Spiral

    Spiral BANNED

    Hosts.deny is not the best choice if you want to only block specific services!

    This would be better done with a firewall rule, such as:
    Code:
    # iptables -A INPUT ! -s x.x.x.x -p tcp --dport 21 -j REJECT
    
    "x.x.x.x" in the above example would be the IP Address or CIDR Range that you want to allow to have FTP access and all others are rejected.

    If you forget the "!" above then the logic is reversed and the IP address or CIDR range becomes the specific address(es) you want to block.
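
Added example, not part of the thread: a single negated rule admits only one address or CIDR range (two such rules would each reject the other's address), so for the "couple specific IP addresses" in the original question this script prints one ACCEPT per allowed source followed by a single REJECT. The chain name FTP_ALLOW and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): FTP allow-list for several sources.
# Prints iptables commands for review; pipe the output to `sh` as root to apply.
# FTP_ALLOW is a hypothetical chain name; the addresses below are constructed.

ftp_allowlist_rules() {
    chain="FTP_ALLOW"

    # Refuse an empty list: the chain would then reject every FTP client.
    [ "$#" -ge 1 ] || { echo "need at least one source" >&2; return 1; }

    # Validate everything before printing anything, so a bad argument
    # never yields a half-built rule set.
    for src in "$@"; do
        case "$src" in
            ""|*[!0-9./]*) echo "invalid source: $src" >&2; return 1 ;;
        esac
    done

    # Create the chain if missing, then empty it so reruns do not stack rules.
    echo "iptables -N $chain 2>/dev/null || true"
    echo "iptables -F $chain"

    # One ACCEPT per allowed address or CIDR range ...
    for src in "$@"; do
        echo "iptables -A $chain -s $src -j ACCEPT"
    done
    # ... and a single REJECT for everyone else, last in the chain.
    echo "iptables -A $chain -j REJECT"

    # Send FTP control traffic (tcp/21) through the chain. -C tests whether
    # the jump already exists; -I puts it at the top of INPUT so an earlier,
    # broader ACCEPT cannot match first.
    echo "iptables -C INPUT -p tcp --dport 21 -j $chain 2>/dev/null || iptables -I INPUT -p tcp --dport 21 -j $chain"
}

# Constructed sample: one host and one range from the documentation blocks.
ftp_allowlist_rules 192.0.2.10 198.51.100.0/24
```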
     