hosts.deny

Check service linked to libwrap / tcpwrapper

In order to use hosts_access (hosts.allow/hosts.deny), a service would need to be compiled in with tcpwrapper (tcpd) support and can be checked easily with the below commands.

hosts_access is great as an alternative to iptables and firewall, specifically if you are hosted on a VPS with limited resources for iptables rules.

# ldd `which sshd` | grep -i libwrap

or

# strings `which sshd` | grep -i libwrap

Both the commands should echo out libwrap.so.0 which would mean hosts_access can be used for service sshd.

Make sure you are able to connect to ssh, add your IP to "/etc/hosts.allow". In the below case I am using the full range of my local intranet (LAN).

# Allow localhost
ALL: 127.
# Allow LAN
sshd: 192.168.

Now to block ssh access to others, simply add the below lines to "/etc/hosts.deny".

# Block everyone else from SSH
sshd: ALL

Note: hosts.allow takes precedence over hosts.deny.

Comment