In order to use hosts_access (hosts.allow/hosts.deny), a service would need to be compiled in with tcpwrapper (tcpd) support and can be checked easily with the below commands.
hosts_access is great as an alternative to iptables and firewall, specifically if you are hosted on a VPS with limited resources for iptables rules.
# ldd `which sshd` | grep -i libwrap
or
# strings `which sshd` | grep -i libwrap
Both the commands should echo out libwrap.so.0 which would mean hosts_access can be used for service sshd.
Make sure you are able to connect to ssh, add your IP to "/etc/hosts.allow". In the below case I am using the full range of my local intranet (LAN).
# Allow localhost
ALL: 127.
# Allow LAN
sshd: 192.168.
Now to block ssh access to others, simply add the below lines to "/etc/hosts.deny".
# Block everyone else from SSH
sshd: ALL
Note: hosts.allow takes precedence over hosts.deny.
- sandip's blog
- Login or register to post comments