Sir,
I want to block some local users' IP addresses through hosts.deny and hosts.allow so that they cannot use httpd on port 80. I am using Red Hat Linux 6.1. Can I do it or not, and if yes, then how? I have made some entries, but I have not been successful. Please help me out.
With great regards,
vinod guar

Hi, I have set this up in Solaris before, but have never tried it in Linux yet. I think they are more or less the same...
First you have to know that hosts.allow OVERRIDES hosts.deny, so you should deny all in hosts.deny and then enable valid clients in hosts.allow.
e.g. to only allow telnet from 192.168.1.10:
- hosts.deny:
in.telnetd:ALL:banners /etc/banners/deny
- hosts.allow:
in.telnetd:LOCAL, 192.168.1.10:banners /etc/banners/allow
- /etc/banners/deny and /etc/banners/allow are the messages shown to the user in each case
Hope this helps.
Jon

From memory:
In the hosts.allow file put
# this allows this IP to connect to port 80
httpd: 192.168.0.1
In hosts.deny put
ALL:ALL
How it works is: when a connection is made, it first checks the hosts.allow file for an entry; if the entry is not there, it goes to hosts.deny and checks if there is an entry there.
I'd suggest you use iptables or ipchains to do this rather than the hosts files, as this does not block all ports, only ports that use inet services.
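The lookup order described in the two replies above, as an added example that is not part of the original thread: a small Python model of how a wrapped service decides (hosts.allow first, then hosts.deny, and access granted when neither matches). The function names and the sample file contents are constructed for illustration, and only IPv4 client patterns (ALL, exact address, dotted prefix, net/mask) are handled.

```python
import ipaddress

def client_matches(pattern, ip):
    """Match one client pattern: ALL, exact IP, dotted prefix, or net/mask."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):            # e.g. "192.168.1." covers the whole prefix
        return ip.startswith(pattern)
    if "/" in pattern:                   # e.g. "192.168.1.0/255.255.255.0"
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(ip) in net
    return pattern == ip

def rule_matches(line, daemon, ip):
    """True if a 'daemon_list : client_list [: options]' line covers this request."""
    fields = [f.strip() for f in line.split(":")]
    if len(fields) < 2:
        return False
    daemons = fields[0].replace(",", " ").split()
    clients = fields[1].replace(",", " ").split()
    return (("ALL" in daemons or daemon in daemons)
            and any(client_matches(c, ip) for c in clients))

def file_matches(text, daemon, ip):
    """Scan one access file, skipping blank lines and '#' comment lines."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and rule_matches(line, daemon, ip):
            return True
    return False

def access_granted(allow_text, deny_text, daemon, ip):
    """hosts.allow is consulted first, then hosts.deny; no match in either grants."""
    if file_matches(allow_text, daemon, ip):
        return True
    if file_matches(deny_text, daemon, ip):
        return False
    return True

# Constructed sample files: deny everything, then allow one client for telnet.
HOSTS_ALLOW = "in.telnetd: 192.168.1.10\n"
HOSTS_DENY = "ALL: ALL\n"

if __name__ == "__main__":
    for ip in ("192.168.1.10", "192.168.1.20"):
        print(ip, access_granted(HOSTS_ALLOW, HOSTS_DENY, "in.telnetd", ip))
```

The model only describes services that actually consult these files; a daemon that is not wrapped never reaches this check.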

Again, most http daemons are not wrapped by tcpwrappers, which usually runs from inetd. It is not impossible to use it in this manner, but it is unnecessary.
All servers (apache, roxen, thttpd) come with their own access list implementations.
In addition, a simple packet filtering rule:
ipchains -A input -s localaddy -d webserver -p tcp --dport 80 -j DENY -l
will do the trick with less overhead and give you a log of access attempts.
