Linux Server Hacks, Volume Two

by William von Hagen, Brian K. Jones
December 2005
Content level: Beginner
480 pages
13h 27m
English
O'Reilly Media, Inc.
Content preview from Linux Server Hacks, Volume Two

Hack #64. Allow or Deny Access by IP Address

Using the power of your text editor, you can quickly lock out malicious systems.

When running secure services, you'll often find that you want to allow and/or deny access to and from certain machines. There are many different ways you can go about this. For instance, you could implement access control lists (ACLs) at the switch or router level. Alternatively, you could configure iptables or ipchains to implement your access restrictions. However, a simpler method of implementing access control is via the proper configuration of the /etc/hosts.allow and /etc/hosts.deny files. These are standard text files found in the /etc directory on almost every Linux system. Like many configuration files found within Linux, they can appear daunting at first glance, but with a little help, setting them up is actually quite easy.

Protecting Your Machine with hosts.allow and hosts.deny

Before we jump into writing complex network access rules, we need to spend a few moments reviewing the way the Linux access control software works. Inbound packets to tcpd, the Linux TCP daemon, are filtered through the rules in hosts.allow first, and then, if there are no matches, they are checked against the rules in hosts.deny. It's important to note this order, because if you have contradictory rules in each file you should be aware that the rule in hosts.allow will always be implemented, as the first match is found there. This ceases the filtering, and the incoming ...
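The evaluation order described above, as an added example that is not from the book: a simplified Python model of how a request is checked against hosts.allow and then hosts.deny, showing that a deny entry contradicted by an allow entry is never reached. The rule contents and function names are constructed for illustration, and the final "allow when nothing matches" default comes from hosts_access(5) rather than from this preview.

```python
# Simplified model of TCP wrappers evaluation (added example, not tcpd itself).
# Assumptions: IPv4 only; "daemon_list : client_list" lines; patterns are ALL,
# an exact address, or a network prefix ending in "." such as "192.168.1.".

# Constructed sample rules.
HOSTS_ALLOW = """\
sshd : 192.168.1.
ALL  : 127.0.0.1
"""
HOSTS_DENY = """\
sshd : 192.168.1.50
ALL  : ALL
"""

def parse(text):
    """Return (daemons, clients) pairs, skipping blank and comment lines."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        daemons, clients = line.split(":", 1)
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def matches(pattern, value):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):            # network prefix pattern
        return value.startswith(pattern)
    return pattern == value

def any_rule_matches(rules, daemon, client):
    return any(any(matches(d, daemon) for d in ds) and
               any(matches(c, client) for c in cs) for ds, cs in rules)

def decide(daemon, client, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """hosts.allow is consulted first; a match there ends the search."""
    if any_rule_matches(parse(allow_text), daemon, client):
        return "allow (hosts.allow)"
    if any_rule_matches(parse(deny_text), daemon, client):
        return "deny (hosts.deny)"
    return "allow (no rule matched)"

if __name__ == "__main__":
    for client in ("192.168.1.50", "10.0.0.7", "127.0.0.1"):
        print("sshd", client, "->", decide("sshd", client))
```

Here 192.168.1.50 is still admitted to sshd even though hosts.deny names it, because the broader prefix in hosts.allow matches first; to block that host, the allow rule itself has to be narrowed.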

Publisher Resources

ISBN: 0596100825