TCP wrappers implement access control through two files, /etc/hosts.allow and /etc/hosts.deny.

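Note that the hosts.allow file takes precedence over the hosts.deny file: hosts.allow is checked first, and a request that matches a rule there is granted without hosts.deny being consulted.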

A recommended security strategy is to block all incoming requests by default and allow only specific hosts or networks to connect.

To deny everything by default, add the following line to /etc/hosts.deny:

ALL: ALL

To accept incoming SSH connections from, for example, the nodes host1, host2 and host3, add the following line to /etc/hosts.allow:

sshd: host1 host2 host3

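To accept incoming SSH connections from all servers in a specific network, add the name of the subnet, written with a leading dot, to /etc/hosts.allow. A pattern that begins with a dot matches every host whose name ends with it. For example: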

sshd: host1 host2 host3 .subnet.host1.com

To accept incoming portmap connections from IP address 192.168.0.1 and subnet 192.168.5 (written with a trailing dot, which matches every address that begins with it), add the following line to /etc/hosts.allow:

portmap: 192.168.0.1 192.168.5.
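
To check how the rules above are evaluated before deploying them, here is an added example (not part of the original post and not the TCP wrappers code itself): a simplified Python model of the allow-then-deny decision. It handles only the pattern forms shown on this page (ALL, exact names or addresses, leading-dot domains, trailing-dot address prefixes); the function names and sample clients are assumptions made for the illustration.

```python
# Added example: simplified model of the TCP wrappers access decision.
# Not supported here: EXCEPT, netmasks, IPv6, shell options.

def pattern_matches(pattern, name, addr):
    """Match one client pattern against the client's hostname and address."""
    if pattern == "ALL":
        return True
    if pattern.startswith("."):      # domain suffix, e.g. .subnet.host1.com
        return name is not None and name.lower().endswith(pattern.lower())
    if pattern.endswith("."):        # address prefix, e.g. 192.168.5.
        return addr.startswith(pattern)
    return pattern.lower() == (name or "").lower() or pattern == addr


def rule_matches(line, daemon, name, addr):
    """Return True if one 'daemons: clients' line matches this request."""
    line = line.split("#", 1)[0].strip()   # drop comments and blank lines
    if ":" not in line:
        return False
    daemons, clients = line.split(":", 1)
    daemon_list = daemons.replace(",", " ").split()
    if daemon not in daemon_list and "ALL" not in daemon_list:
        return False
    return any(pattern_matches(p, name, addr)
               for p in clients.replace(",", " ").split())


def access_granted(allow_text, deny_text, daemon, addr, name=None):
    """hosts.allow is searched first, then hosts.deny; no match grants access."""
    if any(rule_matches(l, daemon, name, addr) for l in allow_text.splitlines()):
        return True
    if any(rule_matches(l, daemon, name, addr) for l in deny_text.splitlines()):
        return False
    return True


# Constructed sample files, built from the lines shown on this page.
HOSTS_ALLOW = """\
sshd: host1 host2 host3 .subnet.host1.com
portmap: 192.168.0.1 192.168.5.
"""
HOSTS_DENY = "ALL: ALL\n"

if __name__ == "__main__":
    # Constructed clients: (daemon, address, hostname or None)
    for d, a, n in [("sshd", "10.0.0.7", "host2"), ("portmap", "192.168.5.20", None),
                    ("portmap", "192.168.50.20", None), ("sshd", "192.168.5.20", None)]:
        print(d, a, n, access_granted(HOSTS_ALLOW, HOSTS_DENY, d, a, n))
```

Two cases are worth noting: 192.168.50.20 is refused because the trailing dot in 192.168.5. stops the prefix from matching it, and with an empty hosts.deny every request that matches no allow rule is granted.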
