LJ Archive

Setting Services

To set which services are open and to whom (names or IP addresses) they are open, edit the /etc/hosts.allow and /etc/hosts.deny files.

The line ALL: ALL in /etc/hosts.deny denies every wrapped service to every client, except clients explicitly permitted in /etc/hosts.allow (hosts.allow is consulted first, then hosts.deny, and the first matching rule wins; a client that matches neither file is allowed in, which is why the deny file needs a catch-all). ALL: PARANOID denies any host whose name, as found by reverse DNS lookup of its IP address, does not resolve back to that address; it is redundant once ALL: ALL is in place, but makes the forged-name cases visible in the logs.

# /etc/hosts.deny: list of hosts that are _not_
# allowed to access the system. See hosts_access(5)
# and /usr/doc/net/portmapper.txt
#
# Example:
#  ALL: some.host.name, .some.domain
#  ALL EXCEPT in.fingerd: other.host.name, .other.domain
#
# The ALL: PARANOID wild card matches any host
# whose name does not match its address.
ALL: PARANOID
# Deny everything not explicitly permitted in /etc/hosts.allow
ALL: ALL
In the following file, you specify which wrapped services on your firewall will be open to which IP addresses, on either the Internet or your local network. The first field is the daemon's process name as started by inetd/tcpd (for telnet that is in.telnetd, not the service name telnet), and a client pattern ending in a dot matches every address starting with that prefix. In the example below, I have allowed everyone in the local network to use TELNET to log in, but only one PC in the local LAN to use every wrapped service (FTP included). Be careful what you open up and to whom.
# /etc/hosts.allow: list of hosts that are
# allowed to access the system. See
# hosts_access(5) and /usr/doc/net/portmapper.txt
#
# Example:
#   ALL: LOCAL @some_netgroup
#   ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
#
# Allow telnet connections from the local PCs in our
# LAN (daemon field is the process name, in.telnetd;
# the trailing dot makes 192.168.0. a network prefix)
in.telnetd: 192.168.0.
#
# Allow ALL connection types from one of our PCs
# in our LAN
ALL: 192.168.0.10
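To see what the two files above actually decide before you lock yourself out, here is a small re-implementation of the hosts_access(5) matching procedure (allow file first, then deny file, first match wins, no match means allow) in Python. It is an added example, not code from the article or from tcp_wrappers; the two config strings are copies of the article's files, and the DNS tables, host names and addresses are constructed for the demonstration. On a real host, tcpdmatch(8) answers the same question against the live files.

```python
"""Evaluate tcp_wrappers-style hosts.allow / hosts.deny rules offline.

Added example: re-implements the hosts_access(5) decision order and the
ALL, PARANOID, prefix (trailing dot), domain (leading dot) and EXCEPT
patterns used in the article. DNS tables below are constructed stand-ins.
"""

HOSTS_ALLOW = """
# Allow telnet from the LAN, everything from one PC
in.telnetd: 192.168.0.
ALL: 192.168.0.10
"""

HOSTS_DENY = """
ALL: PARANOID
ALL: ALL
"""

# Constructed lookup tables standing in for reverse and forward DNS.
# 203.0.113.5 claims a name whose forward record points elsewhere (PARANOID).
REVERSE_DNS = {"192.168.0.10": "pc10.lan", "192.168.0.11": "pc11.lan",
               "203.0.113.5": "spoof.example.org"}
FORWARD_DNS = {"pc10.lan": "192.168.0.10", "pc11.lan": "192.168.0.11",
               "spoof.example.org": "198.51.100.7"}


def is_paranoid(addr):
    """PARANOID: the reverse-lookup name does not resolve back to addr."""
    name = REVERSE_DNS.get(addr)
    return name is not None and FORWARD_DNS.get(name) != addr


def match_token(pattern, name, addr):
    """Match one pattern; addr is None when matching the daemon field."""
    if pattern == "ALL":
        return True
    if addr is None:                      # daemon field: process name only
        return pattern == name
    if pattern == "PARANOID":
        return is_paranoid(addr)
    if pattern.startswith("."):           # domain suffix, e.g. .foobar.edu
        return name.endswith(pattern)
    if pattern.endswith("."):             # network prefix, e.g. 192.168.0.
        return addr.startswith(pattern)
    return pattern in (name, addr)


def match_list(text, name, addr):
    """Match 'a, b EXCEPT c': EXCEPT applies to the rest of the list."""
    head, _, tail = text.partition(" EXCEPT ")
    tokens = head.replace(",", " ").split()
    matched = any(match_token(t, name, addr) for t in tokens)
    if matched and tail:
        return not match_list(tail, name, addr)
    return matched


def parse_rules(text):
    """Yield (daemon_list, client_list) pairs; comments and blanks skipped."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            fields = [f.strip() for f in line.split(":")]
            yield fields[0], fields[1]    # optional shell_command field ignored


def file_matches(text, daemon, name, addr):
    return any(match_list(d, daemon, None) and match_list(c, name, addr)
               for d, c in parse_rules(text))


def hosts_access(daemon, addr, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """Decide like tcpd: allow file first, then deny file, else permit."""
    name = REVERSE_DNS.get(addr, addr)
    if file_matches(allow, daemon, name, addr):
        return "allow"
    if file_matches(deny, daemon, name, addr):
        return "deny"
    return "allow"


if __name__ == "__main__":
    for daemon, addr in [("in.telnetd", "192.168.0.11"),
                         ("in.ftpd", "192.168.0.11"),
                         ("in.ftpd", "192.168.0.10"),
                         ("in.telnetd", "203.0.113.5")]:
        print(f"{daemon:12s} from {addr:14s} -> {hosts_access(daemon, addr)}")
```

Running it shows the consequence of the article's rules: any LAN address may reach in.telnetd, only 192.168.0.10 may reach in.ftpd, and the host with the mismatched DNS is dropped by the deny file. Passing a different `deny` string to `hosts_access` shows the default-allow behaviour when the catch-all ALL: ALL is left out.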