![](https://seccdn.libravatar.org/avatar/6b9001530e39cd95e86e9d2280dce320.jpg?s=120&d=mm&r=g)
On Mon, 14 Feb 2000, Joakim Schramm wrote: <-]Date: Mon, 14 Feb 2000 21:21:03 +0100 <-]From: Joakim Schramm <joakim@humanet.se> <-]To: "suse-linux-e@suse.com" <suse-linux-e@suse.com> <-]Subject: [SLE] hosts.deny sysntax? <-] <-]Do you just put the ip like <-] <-]xxx.xxx.xxx.xxx <-] <-]in the hosts.deny file?anything needed to reload/restart? <-] <-]can you do ban like a whole subnet? There is notting in my hosts.deny <-]and I'm a little bit too much in a hurry to track this info on my own. Hi Joakim The information here is for hosts.allow, so this is the same thing. You choose one file to edit, not both. Usually, the syntax is the following: ervice: IP: PERMISSION Where service is the name of the service as it appears in /etc/inetd.conf, IP is the specific IP the permission is for and PERMISSION is allow or deny. As an example, if you want to prevent anyone without the IP 123.456.789.100 to use the telnet service on your server, your hosts.allow would look like this: in.telnetd: 123.456.789.100: ALLOW ALL:ALL:DENY You could use a specific subnet by replacing the IP with the domain begining with a "." : in.telnetd: .aol.com: ALLOW ALL:ALL:DENY The tcpd wrapper works this way: it reads hosts.allow first, reads the first line, the second one and so on... If someone tries to telnet into your machine using *.home.com, the second line applies, and then the connection will be refused. If someone else tries with *.aol.com, he will get the prompt from your server to enter login and password.... If anyone tries to ftp your server, then the second line applies, and connections are refused. You can see it all in /var/log/messages. It's pretty funny to watch. And you don't have to reboot your system for this to be effective. Further informations can be found with man tcpd. Hope that helps.... ciao ________________ Nicolas Beaulieu Economics Department, Universite Laval Centre de Recherches en Economie et Finances Appliquees (CREFA) Quebec, Canada 418-626-5033 _________________ http://www.penguinpowered.com/~montesquieu mailto:montesquieu@penguinpowered.com ICQ 15933500 ---> http://www.ccfa.org <--- ---> http://www.ccfc.ca <--- _________________ Le Renard: "Voici mon secret. Il est tres simple: on ne voit bien qu'avec le coeur. L'essentiel est invisible pour les yeux." Antoine de Saint-Exupery Le Petit Prince _________________ -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/