On Thu, Nov 03, 2005 at 12:42:14PM +0200, Meni Shapiro wrote:
> I got a problem with /etc/hosts.allow & /etc/host.deny
> I got some rules there BUT I notice whatever I put it is ignored!!!
> the files are not effective ????
>
> Why is that??
>
> eg:
> /etc/hosts.allow:
> SENDMAIL: ALL
> #HTTPD: ALL
>
> and still I can connect via web (port 80)

The lines in /etc/hosts.{allow,deny} only apply to applications which have been compiled to support tcpwrappers. It also makes a difference what name you use, as some applications are picky about that.

Also, tcpwrappers incur a rather large penalty for applications that need to be able to handle many rapid connects/disconnects, like mail and web servers. If your machine handled high amounts of traffic, then forcing Apache through tcpwrappers would bring the machine to a crawl.

That said, you want to use a firewall for the greatest level of certainty. Personally, I prefer shorewall for its immense flexibility, but there are plenty of other options out there.

-Roberto

-- 
Roberto C. Sanchez
http://familiasanchez.net/~roberto
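
Whether a given daemon was compiled with tcpwrappers support, as the reply above describes, can be checked per binary. The following is an added example, not part of the original message; the sample ldd listings are constructed, and it assumes the daemon links libwrap directly rather than being started through tcpd from inetd.

```shell
#!/bin/sh
# Added example: report whether daemon binaries are linked against libwrap,
# the tcpwrappers library that reads /etc/hosts.allow and /etc/hosts.deny.
# Assumption: only direct linkage is tested. A service launched through
# tcpd from inetd is wrapped externally and will not show libwrap here.

# Constructed sample ldd output for a binary built with tcpwrappers support.
SAMPLE_WRAPPED='	linux-vdso.so.1 (0x00007ffd0a1f2000)
	libwrap.so.0 => /lib/x86_64-linux-gnu/libwrap.so.0 (0x00007f1c2a400000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1c2a000000)'

# Constructed sample ldd output for a binary built without it.
SAMPLE_PLAIN='	linux-vdso.so.1 (0x00007ffe4b5d1000)
	libpcre.so.3 => /lib/x86_64-linux-gnu/libpcre.so.3 (0x00007f9d1e200000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f9d1de00000)'

# links_libwrap: read ldd output on stdin, succeed if libwrap is listed.
links_libwrap() {
    grep -q 'libwrap\.so'
}

# check_daemon PATH: print a verdict for one binary.
# Returns 0 = linked, 1 = not linked, 2 = binary missing or not executable.
check_daemon() {
    bin=$1
    if [ ! -x "$bin" ]; then
        echo "$bin: not found or not executable"
        return 2
    fi
    # Static binaries make ldd fail; grep then sees no libwrap line.
    if ldd "$bin" 2>/dev/null | links_libwrap; then
        echo "$bin: linked against libwrap; hosts.allow/hosts.deny apply"
        return 0
    fi
    echo "$bin: no libwrap linkage; the binary itself never reads hosts.allow/hosts.deny"
    return 1
}

# Usage: sh check_libwrap.sh /usr/sbin/sendmail /usr/sbin/apache2
# (paths are examples; pass the daemons installed on your system)
for bin in "$@"; do
    check_daemon "$bin" || true
done
```

A binary that reports no libwrap linkage has to be restricted by other means, such as the firewall suggested in the reply.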