  • /etc/hosts.allow, and
  • /etc/hosts.deny
are two files that help control network access to a machine on a network.

I think they affect only those network services controlled by inetd (??) or xinetd.

I'd like to contrast them to a firewall:

  • /etc/hosts.allow and /etc/hosts.deny control access at the source — a firewall is more of a filtering solution that can be applied anywhere between the source and the destination
  • (consequently) if you don't own/control the source (if you can't make changes to the /etc/hosts.allow and /etc/hosts.deny files), you can't use them to limit access — you can use a firewall

Notes

AFAICT, the /etc/hosts.deny file is processed first, so a typical way to set the files up is to:

  • first deny access to all services for all destinations in /etc/hosts.deny by adding the line "All: All"
  • then allow access to the services and destinations you wish to allow in /etc/hosts.allow by adding appropriate lines. Some examples (note that allowing the localhost is required in many (all??) cases — at this point in time I cannot explain why):
    • All: 127.0.0.1 192.168.0.12 # Allow access to all network services from 192.168.0.12
    • All: 127.0.0.1 192.168.0. # Allow access to all network services from any machine on subnet 192.168.0.*
    • I presume you can specify specific services, like telnet, ssh, ... but I haven't done that.
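
A simplified model of how the two files are evaluated, following the order documented in hosts_access(5): hosts.allow is searched first, then hosts.deny, and access is granted if neither matches. This is an added example, not part of the original page; the rule sets and the `sshd` line are constructed, and only the ALL wildcard, exact IPv4 addresses and trailing-dot prefixes are modelled.

```python
# Simplified model of the hosts_access(5) decision order (IPv4 literals only).
HOSTS_DENY = "All: All\n"                        # default deny, as on this page
HOSTS_ALLOW = (                                  # constructed sample rules
    "# loopback and the local subnet may reach every wrapped service\n"
    "All: 127.0.0.1 192.168.0.\n"
    "sshd: 10.0.0.5\n"                           # hypothetical per-service rule
)

def parse_rules(text):
    """Return [(daemon_patterns, client_patterns)] for each rule line."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")                 # daemons : clients [: command]
        if len(fields) < 2:
            continue                             # malformed line, skipped
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        rules.append((daemons, clients))
    return rules

def token_matches(pattern, value):
    if pattern.upper() == "ALL":                 # wildcard; accepts the page's "All"
        return True
    if pattern.endswith("."):                    # "192.168.0." matches 192.168.0.*
        return value.startswith(pattern)
    return pattern == value

def any_rule_matches(rules, daemon, client_ip):
    return any(
        any(token_matches(d, daemon) for d in daemons)
        and any(token_matches(c, client_ip) for c in clients)
        for daemons, clients in rules
    )

def access_granted(allow_text, deny_text, daemon, client_ip):
    """hosts.allow is searched first, then hosts.deny; no match means allow."""
    if any_rule_matches(parse_rules(allow_text), daemon, client_ip):
        return True
    if any_rule_matches(parse_rules(deny_text), daemon, client_ip):
        return False
    return True

if __name__ == "__main__":
    for daemon, ip in [("sshd", "192.168.0.12"), ("sshd", "192.168.1.12"),
                       ("in.telnetd", "10.0.0.5"), ("sshd", "10.0.0.5")]:
        print(daemon, ip, access_granted(HOSTS_ALLOW, HOSTS_DENY, daemon, ip))
```

With an empty hosts.deny the same function returns True for any client, which is why the `All: All` line in /etc/hosts.deny matters.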

Resources

Recommended

So far, I haven't found a man page for either file, and they are not discussed on man hosts. Maybe on man inetd or man xinetd — nope, not even on the long man xinetd.conf page. Probably need to do a Google search.

Contributors

  • RandyKramer - 18 May 2003
Topic revision: r1 - 2003-05-18 - RandyKramer
Copyright 1999-2017 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.