[NTLUG:Discuss] hosts.deny
lee
lee at brave.com
Thu Dec 13 15:06:33 CST 2001
i'm guessing that you want to block http (port 80) requests.
unfortunately, http is not usually managed by tcp wrappers
(/etc/inetd.conf), which is also further configured by editing
/etc/hosts.deny.
i suggest blocking all communication from those sites rather than just
limiting the block to just what's handled by tcp wrapper services. you
can use ipchains for 2.2 kernels:
    /sbin/ipchains -I input -s 193.253.0.0/24 -j DENY -l
or iptables for 2.4 kernels:
    /sbin/iptables -v -A INPUT -s 193.253.0.0/24 -j DROP
(but don't trust my networking numbers with the slash... i don't know
how all that stuff works but i myself would try this first and then
check the resulting effectivity :)
and you can selectively deny any particular port, or combination of
ports, while allowing all others if you desire, there is a port flag to
the command which accomplishes this for both ipchains and iptables.
this would be handy if you wanted to deny all ftp requests and yet allow
http requests, for example. consult the ipchains/iptables docs for more
details...
-- lee
Daniel L. Shipman wrote:
> OK - I have been getting a crap load of attempts from people wanadoo.fr
> like:
>
> ALamentin-101-1-1-170.abo.wanadoo.fr (193.253.224.170):
>
> I want to go into hosts.deny and add
>
> ALL: 192.153.224.0/255.255.248.0
> ALL: .wanadoo.fr
> ALL: wanadoo.fr
>
> None of this accomplishes the task!
>
> What do you all suggest?
>
> Thanks,
>
>
> Daniel
> Webmaster for:
> http://www.srj.net
> http://www.hometownhospital.com
> http://www.easyhealthcare.net
> http://www.ngpa.org
> http://www.cathedralofhope.com
> http://www.iusarentals.com
>
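
An added example, not part of either post: a small Python check of which of the rules quoted in this thread would actually cover the client address shown above. The function names are hypothetical, the hosts.deny matcher covers only a subset of the hosts_access(5) pattern forms, name patterns assume the client's reverse DNS resolves to the name quoted, and the 193.253.224.0/21 source is constructed for comparison.

```python
import ipaddress

def wrappers_match(pattern, hostname, ip):
    """Match one hosts.deny client pattern (subset of hosts_access(5))."""
    pat, host = pattern.lower(), hostname.lower()
    if "/" in pat:
        # net/mask form: matches when net == (client address AND mask)
        net, mask = (int(ipaddress.IPv4Address(p)) for p in pat.split("/", 1))
        return (int(ipaddress.IPv4Address(ip)) & mask) == net
    if pat.startswith("."):
        # leading dot: matches when the client's resolved name ends with it
        return host.endswith(pat)
    if pat.endswith("."):
        # trailing dot: matches when the address starts with these octets
        return ip.startswith(pat)
    return pat in (host, ip)  # otherwise an exact host name or address

def firewall_match(source, ip):
    """Match an ipchains/iptables '-s address/prefix' against a source IP."""
    return ipaddress.ip_address(ip) in ipaddress.ip_network(source, strict=False)

def coverage(hostname, ip, deny_patterns, fw_sources):
    """Return (kind, rule, matched) for every rule checked against one client."""
    rows = [("hosts.deny", p, wrappers_match(p, hostname, ip)) for p in deny_patterns]
    rows += [("firewall", s, firewall_match(s, ip)) for s in fw_sources]
    return rows

# Client and rules as quoted in the thread
CLIENT = ("ALamentin-101-1-1-170.abo.wanadoo.fr", "193.253.224.170")
DENY = ["192.153.224.0/255.255.248.0", ".wanadoo.fr", "wanadoo.fr"]
# First source is from the reply; the second is constructed for comparison
# (the client's own octets under the 255.255.248.0 mask, i.e. /21)
FW = ["193.253.0.0/24", "193.253.224.0/21"]

if __name__ == "__main__":
    for kind, rule, hit in coverage(*CLIENT, DENY, FW):
        print(f"{kind:10} {rule:30} {'match' if hit else 'no match'}")
```

A hosts.deny match only has an effect for services that consult TCP wrappers, while the firewall source match applies to every port on the host.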