[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] Allowing / Blocking IP for all services
- Subject: Re: [cobalt-users] Allowing / Blocking IP for all services
- From: "Zeffie" <cobaltlist@xxxxxxxx>
- Date: Fri Jan 19 00:42:26 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
> >> > We want to allow only 2 or 3 IP numbers to access our FTP, SSH and
> >e-mail
> >> > services. Any other IP numbers must be blocked.
> >>
> >> Sure, use ip-chains or setup ftp, ssh and email so that they all will
be
> >> accessed through tcpwrappers and put in ALL: ALL in hosts.deny, and
only
> >put
> >> the allowed ip-numbers in hosts.allow.
> >
> >How do you setup ftp, ssh and telnet through tcpwrappers?
>
> Hi Mike,
>
> E.g for FTP and TELNET
>
> First add your primary IPs which you use normally to connect
> with your server, to the file /etc/hosts.allow
> in the form of
>
> ALL : xxx.xxx.xxx.xxx, xxx.xx.xx.xxx, 127.0.0.1
>
> Then edit /etc/hosts.deny
> and add
>
> in.telnetd:ALL
> in.proftpd:ALL
But that won't cover his e-mail too
imapd:ALL
in.qpopper:ALL
>
> Now before you log out from your server try
> different set of ftp and telent sessions from your
> primary IPs and make sure everything OK.
>
> E.g for SSH
>
> Add to the /etc/sshd_config
> in the form of
>
> AllowHosts *.your.first.domain *.your.dial.up.provider your.2nd.domain