Proper Way to enter IP Address in host-deny

Amphibian

Joined
Sep 8, 2009
Messages
1,128
Likes
2
Points
38
#1
I figured I'm old enough to be a newbie for this one...


Either I'm getting too old and forgetful or I'm having a brain fart....


What is the proper way to enter an IP address that you want to deny in /etc/host.deny?????


I have entered several as follows: ALL:202.108.145. : twist /bin/echo "you are forbidden access" : deny


I have researched several sites and have tried several different informed ways mentioned and I continue to get a message that says "missing new line or line too long"


I am seeing this in the "secure" file under /var/log/secure.


Does the last line need an extra character? Or am I missing a closing statement of some sort?


Thanks guys
Amphibian
 

dicko

Joined
Oct 24, 2008
Messages
4,099
Likes
0
Points
0
#2
man hosts.deny

and


man hosts.allow

you need to have them in hosts.deny before hosts.allow takes precedence and allows what you want

in hosts.deny
0.0.0.0./0

then in hosts.allow

mynetwork/mynetworkmask

be careful there you can lock yourself out :)

and yes, in this case both these files need an empty last line (consider it a legacy linux artifact, it was especially designed to trap newguys but mostly ended up in trapping oldfarts along with them :) :) ).


I suggest you use something like CSF (www.configserver.com firewall) to do it for you, it will set it in iptables perfectly


regards

dicko

FWIW I always add a newline to the end of everything in basic config files, most don't care but there are some oldies but goldies that do.
 

Amphibian

#3
Thanks Dicko,

I use dyndns.org and have it in my host.allow. That file I have no problem with. It's just the annoying messages in host.deny about the line being too long or missing something. I'm just looking for an example of how it should look or be entered.

In other words should it be one of the following:


1: ALL:100.100.100.100

2: ALL:100.100.100.100:deny

3: ALL:100.100.100.100 : deny

or whatever,

and should the last entry have nothing after it or should there be a new line entered.


I have some out of network IPs that I need to have access like for example 100.100.100.201 but I don't want the rest of that same bank to have access.



Thanks again
Amphibian
 

dicko

#4
yes, as I said there should be an empty newline as the last line of both.

That means just type an enter (or ninety-two enters) before you save it.

yes it's an annoyance but

http://durak.org/sean/pubs/kfc/

and drill down to where those f^ck words come from
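
An added example, not part of the thread: a shell function that lints a TCP Wrappers access file for the two conditions behind the "missing newline or line too long" warning, which tcpd logs when a line it reads does not end in a newline character. The function name and the 2047-character default limit are assumptions made for this example; pass the limit that matches your tcp_wrappers build as the second argument.

```shell
#!/bin/sh
# check_wrappers_file FILE [MAXLEN]   (hypothetical helper, added example)
# Returns 0 if the file is clean, 1 if a problem was reported,
# 2 if the file cannot be read.
check_wrappers_file() {
    file=$1
    maxlen=${2:-2047}    # assumed read-buffer limit, override as needed
    status=0

    [ -r "$file" ] || { echo "$file: cannot read" >&2; return 2; }

    # Command substitution strips a trailing newline, so a non-empty
    # result means the final byte of the file is not '\n'.
    if [ -n "$(tail -c 1 "$file")" ]; then
        echo "$file: last line is not terminated by a newline"
        status=1
    fi

    # Measure each rule as one logical line: physical lines ending in a
    # backslash are continuations and are added to the rule that follows.
    awk -v max="$maxlen" -v f="$file" '
        { if (start == 0) start = NR }
        /\\$/ { acc += length($0) - 1; next }
        {
            total = acc + length($0)
            if (total > max) {
                printf "%s:%d: rule is %d characters (limit %d)\n",
                       f, start, total, max
                bad = 1
            }
            acc = 0; start = 0
        }
        END { exit bad + 0 }
    ' "$file" || status=1

    return $status
}

# Stand-alone use: sh check.sh /etc/hosts.deny /etc/hosts.allow
if [ "$#" -gt 0 ]; then
    for f in "$@"; do check_wrappers_file "$f"; done
fi
```
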
 

Amphibian

#5
B)
"durak.org/sean/pubs/kfc/ and drill down to where those f^ck words come from"



You're a funny man Dicko,



Thanks again
Amphibian
 
