[techtalk] Hello from a Newbie!

Chris J/#6 sixie at nccnet.co.uk
Fri Jul 7 23:05:50 EST 2000


 
> ****Now for my Query****
> 
> I would like to restrict telnet access to my computer to only a few IP
> addresses.  In order to do this I edited the hosts.deny file with ALL:ALL,
> and the hosts.allow file with the IP addresses which I wanted to allow
> access.  Unfortunately this doesn't seem to work.   Is there another way
> to restrict access?   If there is how do I do it?
> 

Part of me is still surprised hosts.deny is still in existence -- most (all?) 
Linux dists these days ship with TCP wrappers that support extra options (man 
hosts_options(5)).

These options make hosts.deny redundant and mean you have only one file to 
manage ... :)

So, in your case, you could have:

ALL: <ipaddress>: ALLOW
ALL: <hostname>: ALLOW
ALL: ALL: DENY

in hosts.allow, and delete hosts.deny. You can even have login banners put on 
screen (see the "banners" keyword). I tend to use this as the last rule in 
hosts.allow:

ALL:ALL:rfc931 10: banners /etc/access/denied: spawn \
(/etc/access/bin/deny_log %a %h %u %d &): DENY

Which, for every service on every incoming address (unless an earlier rule 
matched it), it attempts an ident lookup (10 second timeout), displays a 
banner that says summat like "access denied", and spawns a trap door shell 
script that mails me before denying access.

Very powerful additions... :)

Chris...


-- 
@}-,'--------------------------------------------------  Chris Johnson --'-{@
    / "(it is) crucial that we learn the difference / sixie at nccnet.co.uk  \
   / between Sex and Gender. Therein lies the key  /                       \ 
  / to our freedom" -- LB                         / www.nccnet.co.uk/~sixie \ 
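
An added example, not part of the original post and not Chris's script: one way a handler like the /etc/access/bin/deny_log named in the spawn rule could be written. The function names, the "root" mail recipient and the log format are assumptions; the four arguments are the rule's %a %h %u %d (client address, client host, ident user, daemon), which are all influenced by the remote side, so the script filters them before logging or mailing.

```shell
#!/bin/sh
# Hypothetical deny_log handler (assumed layout, not the original script).
# Called from hosts.allow as:  deny_log %a %h %u %d

# Reduce an argument to a conservative character set and a bounded length.
# Reverse DNS names and ident replies come from the remote end, so nothing
# in them is trusted in a log line or a mail subject.
sanitize() {
    printf '%s' "$1" | LC_ALL=C tr -c 'A-Za-z0-9.:_@-' '_' | cut -c1-64
}

# Build one log record from address, host, ident user and daemon name.
# Empty fields are reported as "unknown" so the record keeps a fixed shape.
format_record() {
    addr=$(sanitize "${1:-}")
    host=$(sanitize "${2:-}")
    user=$(sanitize "${3:-}")
    daemon=$(sanitize "${4:-}")
    printf 'tcpd DENY daemon=%s addr=%s host=%s ident=%s\n' \
        "${daemon:-unknown}" "${addr:-unknown}" \
        "${host:-unknown}" "${user:-unknown}"
}

# Act only when all four expansions were supplied by the spawn rule.
if [ "$#" -ge 4 ]; then
    record=$(format_record "$1" "$2" "$3" "$4")
    # Local syslog entry first, so there is a record even if mail fails.
    logger -p auth.notice -t deny_log "$record"
    # Recipient "root" is an assumption; use whichever mailbox is monitored.
    printf '%s\n' "$record" | mail -s "tcpd denied $(sanitize "$4")" root
fi
```
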






