
How to Restrict System Access from Servers and Networks?

A firewall is generally used to protect a server from other servers and networks. Often, though, a server also needs protection from hosts within its own network, and a TCP wrapper can provide it.

Most Linux distributions come with the xinetd server, which includes a built-in TCP wrapper. It can be used to define which network services accept incoming connections from specified servers and networks. TCP wrappers implement access control through two files, /etc/hosts.allow and /etc/hosts.deny. /etc/hosts.allow is consulted first, then /etc/hosts.deny; a connection that matches neither file is allowed.

# To deny everything by default, add the following line to /etc/hosts.deny:

ALL: ALL

# To accept incoming SSH connections from specific nodes, e.g. bamdns1, bamdns2 and bamdns3, add the following line to /etc/hosts.allow:

sshd: bamdns1 bamdns2 bamdns3

# To accept incoming SSH connections from all servers on a specific network, add the name of the subnet to /etc/hosts.allow:

sshd: bamdns1 bamdns2 bamdns3 .subnet.server1.com

# To accept connections from all servers on subnet .subnet.server1.com but not from server bamdns4.subnet.server1.com, add the following line to /etc/hosts.allow:

ALL: .subnet.server1.com EXCEPT bamdns4.subnet.server1.com

# To accept incoming portmap connections from IP address 10.10.10.1 and subnet 255.255.5, add the following line to /etc/hosts.allow:

portmap: 10.10.10.1 255.255.5.
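
To check how the rules above combine before relying on them, the following added example (not part of the original post, and not the TCP wrapper's own code) models the evaluation order and the pattern forms used on this page. The function names and the client addresses are assumptions made for the demonstration.

```python
# Added example: simplified model of TCP wrappers rule evaluation.
# Covers only the pattern forms used on this page (no netmasks, IPv6 or wildcards other than ALL).

def pattern_matches(pat, host, addr):
    """Match one client pattern against the client's hostname and IP address."""
    if pat == "ALL":
        return True
    if pat.startswith("."):              # domain suffix, e.g. .subnet.server1.com
        return host.lower().endswith(pat.lower())
    if pat.endswith("."):                # address prefix, e.g. 255.255.5.
        return addr.startswith(pat)
    return pat.lower() == host.lower() or pat == addr

def list_matches(tokens, test):
    """Evaluate 'list_1 EXCEPT list_2': match list_1 unless list_2 also matches."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return list_matches(tokens[:i], test) and not list_matches(tokens[i + 1:], test)
    return any(test(t) for t in tokens)

def rule_matches(line, daemon, host, addr):
    """True if a 'daemon_list : client_list' line applies to this connection."""
    parts = line.split("#", 1)[0].split(":")
    if len(parts) < 2:
        return False
    daemons, clients = (p.replace(",", " ").split() for p in parts[:2])
    return (list_matches(daemons, lambda d: d in ("ALL", daemon))
            and list_matches(clients, lambda p: pattern_matches(p, host, addr)))

def allowed(daemon, host, addr, allow_text, deny_text):
    """hosts.allow is checked first, then hosts.deny; if nothing matches, access is granted."""
    for text, verdict in ((allow_text, True), (deny_text, False)):
        if any(rule_matches(l, daemon, host, addr) for l in text.splitlines()):
            return verdict
    return True

# File contents assembled from the rules on this page.
HOSTS_DENY = "ALL: ALL\n"
HOSTS_ALLOW = """\
sshd: bamdns1 bamdns2 bamdns3
ALL: .subnet.server1.com EXCEPT bamdns4.subnet.server1.com
portmap: 10.10.10.1 255.255.5.
"""

if __name__ == "__main__":
    # Constructed clients (hostnames from the page, addresses made up for the demo).
    for d, h, a in [("sshd", "bamdns1", "10.10.10.11"),
                    ("sshd", "bamdns4.subnet.server1.com", "10.10.10.14"),
                    ("portmap", "other.example.org", "10.10.10.1")]:
        print(d, h, a, "->", "allow" if allowed(d, h, a, HOSTS_ALLOW, HOSTS_DENY) else "deny")
```

Calling allowed() with an empty deny_text shows that any client is accepted once the ALL: ALL line is missing from /etc/hosts.deny. On a host with the TCP wrappers utilities installed, tcpdmatch reports the decision the real rule files would produce for a given daemon and client.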


This post is compiled by eUKhost.com
