
Unix & Linux Stack Exchange

Q&A for users of Linux, FreeBSD and other Unix-like operating systems

Latest Questions

0 votes
2 answers
2525 views
How can I deny all IPv6 ssh connection
I want to disable all ssh connections from both IPv4 and IPv6 except certain IPs. I can set `/etc/hosts.deny` to deny all IPv4 ssh connections:

```
sshd: ALL
```

How do I apply this to IPv6? I tried the following, and they fail:

```
sshd: [*]
```

and

```
sshd: [ALL]
```

My sshd server version: PKIX-SSH 12.1, OpenSSH_8.0p1, OpenSSL 1.0.2g-fips 1 Mar 2016. And PKIX is configured with `--with-tcp-wrappers`.
Yu-Ting Chen (51 rep)
Jul 29, 2019, 06:36 AM • Last activity: May 14, 2025, 05:07 PM
7 votes
3 answers
1523 views
Which takes precedence: /etc/hosts.allow or firewalld?
On a RHEL 7 server, `/etc/hosts.allow` has a number of IP addresses with full access. In the firewall (confirmed with `firewall-cmd`), there are no specific sources defined, and the default zone allows certain ports and services. Which takes precedence? Or, for a specific example, if an IP address listed in `/etc/hosts.allow` tries to connect to the server using a port/service not allowed by the firewall rules, could it connect?
Jon Pennycook (73 rep)
Jul 20, 2022, 08:53 AM • Last activity: Nov 21, 2024, 04:55 PM
5 votes
2 answers
749 views
TCP wrapper "except" option
I configured the `/etc/hosts.allow` at the machine 192.168.122.50 with the following option:

```
sshd : ALL EXCEPT 192.168.122.1
```

and tried `ssh root@192.168.122.50` from the machine 192.168.122.1, and I was able to connect to the machine 192.168.122.50 as root. Then I added the following rule to the `/etc/hosts.deny` file at 192.168.122.50:

```
sshd : 192.168.122.1
```

Again, I tried `ssh root@192.168.122.50` from the machine 192.168.122.1. But this time I was **not able to connect** and I got the error

```
ssh_exchange_identification: Connection closed by remote host
```

This made me doubt the actual behaviour of the EXCEPT directive in `/etc/hosts.allow` and `/etc/hosts.deny`. Below is what I understand from this.

1. If we put the **EXCEPT** directive in hosts.allow, it only means that we are not allowing the particular host/network that comes after it, but a connection is still possible **until** we explicitly mention that particular host/network in `/etc/hosts.deny`. To put it simply: **not allowing does not mean denying**.
2. If we put the **EXCEPT** directive in hosts.deny, it means that we are indirectly allowing the particular host/network to make a connection. To put it simply: **not denying means allowing**.

Am I right in my judgement?

Note 1: The ssh daemon is restarted whenever I make a change in `/etc/hosts.allow` and `/etc/hosts.deny`, even though it is not necessary.

Note 2: I understand that allow has more priority than deny.
sjsam (1614 rep)
Sep 24, 2013, 06:12 PM • Last activity: Aug 29, 2024, 06:38 PM
0 votes
1 answer
94 views
Automatically turn on and off rarely used services
I have here a minimal-memory, lowest-budget VM setting, where I would like to use a rarely used big service. I think things would look much better if I could simply turn it off when I do not need it (about 99% of the work day). Fortunately, the tool starts relatively quickly. It is being accessed over a TCP socket. I think I would put some socket in front of it which could auto-start it if there is a request. It could also auto-stop it if there is no access for a while (some minutes or so). Can I somehow do it, maybe with some tricky systemd socket configuration?
peterh (10448 rep)
Aug 24, 2024, 09:11 PM • Last activity: Aug 24, 2024, 10:06 PM
8 votes
4 answers
70547 views
Telnet connection had been closed by a foreign host
The client PC (IP: 10.49.46.5/24) and the server PC (IP: 10.49.46.2/24) are two computers linked to the same network. When I try to create an interactive communication between these two computers using the command `telnet`, I get the following:

```
[root@xxx:~]# telnet 10.49.46.2
Trying 10.49.46.2...
Connected to 10.49.46.2.
Escape character is '^]'.
Connection closed by foreign host.
[root@xxx:~]#
```

The server's xinetd.conf is as follows:

```
defaults
{
    instances       = 60
    log_type        = SYSLOG authpriv
    log_on_success  = HOST PID EXIT
    log_on_failure  = HOST ATTEMPT
    cps             = 25 30
}
includedir /etc/xinetd.d
```

The server's telnet config is as follows:

```
service telnet
{
    flags           = REUSE
    socket_type     = stream
    wait            = no
    user            = root
    server          = /usr/sbin/telnetd
    log_on_failure  += USERID
    instances       = 10
    disable         = no
}
```

The TCP Wrapper hosts.allow is:

```
telnetd: /etc/telnetd.hosts
tfdpd: /etc/tftpd.hosts
sshd: /etc/sshd.hosts
```

The TCP Wrapper hosts.deny is:

```
ALL:ALL
```

Now:

1. I checked ssh and it is running on port 22.
2. I checked /var/log/message and found that xinetd starts and then exits the telnet immediately.
3. I checked that iptables does not drop telnet packets, using the command `iptables -L`.

Would you please help me figure out what the problem is and how I can fix it?
Yuri (81 rep)
Sep 23, 2017, 08:12 AM • Last activity: Nov 22, 2021, 11:23 AM
2 votes
2 answers
883 views
How to ban all connections to .se and .ru in the hosts.deny file
I am trying to figure out whether or not it's possible to make sure that if a user uses a browser and types in a domain name that ends in either "se" or "ru", they will be denied access to that site. PS: this is a school assignment, and my teacher demands that I make use of tcp wrapper, so downloading some module that will do the trick is out of the question, unfortunately.
Brad Bit (23 rep)
May 1, 2019, 04:35 PM • Last activity: May 2, 2019, 01:35 PM
1 vote
1 answer
1070 views
Is there a tool to check /etc/hosts.{allow,deny} syntax?
I am looking for a command line tool that checks tcp_wrapper configuration file syntax, to make sure daemon names are set right and things like that, and to check for spelling or syntax errors etc.
Timothy Pulliam (3953 rep)
Feb 28, 2019, 06:41 PM • Last activity: Mar 1, 2019, 04:01 PM
1 vote
1 answer
206 views
TCL: TCP Wrapper (tcp_wrappers.tcz) installed but /usr/local/bin/tcpd file is not there
I'm learning host based firewalls by installing `tcp_wrappers.tcz` on Tiny Core Linux (TCL). Initially, the following files were not there, which was expected:

```
/etc/hosts.allow
/etc/hosts.deny
```

BEFORE

```
tc@linux:/etc$ date; ls -lh /etc/host*
Thu May  3 20:20:51 UTC 2018
-rw-rw-r--    1 root     staff         26 Jul  4  2016 /etc/host.conf
-rw-r--r--    1 root     root           4 May  3 20:18 /etc/hostname
-rw-r--r--    1 root     root         290 May  3 20:18 /etc/hosts
```

INSTALLATION

```
tc@linux:/etc$ tce-load -wi tcp_wrappers.tcz
Downloading: tcp_wrappers.tcz
Connecting to repo.tinycorelinux.net (89.22.99.37:80)
tcp_wrappers.tcz     100% |****************************************************************************************************************************************| 40960   0:00:00 ETA
tcp_wrappers.tcz: OK
```

AFTER

```
tc@linux:/etc$ date; ls -lh /etc/host*
Thu May  3 20:21:14 UTC 2018
-rw-rw-r--    1 root     staff         26 Jul  4  2016 /etc/host.conf
-rw-r--r--    1 root     root           4 May  3 20:18 /etc/hostname
-rw-r--r--    1 root     root         290 May  3 20:18 /etc/hosts
-rw-r--r--    1 root     root         121 Nov 27  2008 /etc/hosts.allow
-rw-r--r--    1 root     root         119 Nov 27  2008 /etc/hosts.deny
```

Then, I was able to see both files created.

```
tc@linux:/etc$ cat /etc/hosts.allow
# hosts.allow   This file describes the names of the hosts which are allowed access by the '/usr/local/bin/tcpd' server.
tc@linux:/etc$ cat /etc/hosts.deny
# hosts.deny    This file describes the names of the hosts which are denied access by the '/usr/local/bin/tcpd' server.
```

Unfortunately, /usr/local/bin/tcpd was not there.

```
tc@linux:/etc$ ls -lh /usr/local/bin/tcpd
ls: /usr/local/bin/tcpd: No such file or directory
```

Obviously, TCP Wrapper won't work without tcpd, right? How do I get this to work?
user264359
May 3, 2018, 12:32 PM • Last activity: Jun 8, 2018, 11:50 PM
3 votes
2 answers
8714 views
Editing my /etc/hosts.deny
I'm being trolled by China, and I don't know why I can't block their requests to my server.

**//host.deny**

```
ALL: item.taobao.com
ALL: 117.25.128.*
```

But when I watch the error log on my webserver (`tail -f /var/log/apache2/error.log`) the requests are still being allowed through.

**Question:** Why isn't my `/etc/hosts.deny` config working?
Jordan Davis (141 rep)
Nov 17, 2015, 03:52 AM • Last activity: Mar 1, 2018, 01:23 PM
1 vote
2 answers
700 views
Is there a good reason to use both iptables and tcp_wrappers?
I've taken over administering some machines with no context about their configuration. Some are using iptables. Some are using tcp_wrappers (i.e. `/etc/hosts.allow`). Some are using both. They're all inconsistently configured. In many cases iptables and tcp_wrappers appear to have redundant rules. In one case they're conflicting. This is a maintenance nightmare and I'm inclined to switch to using just one system. Before I do so, I thought I'd ask: are there situations where it is appropriate to use both on the same machine?
Schwern (111 rep)
Jan 21, 2018, 01:58 AM • Last activity: Feb 11, 2018, 01:13 PM
0 votes
1 answer
397 views
Sendmail 8.14.4 on CentOS 6.8 tcpwrappers problem
I am running a sendmail server on CentOS 6.8. For MTA connections on port 25 I want to use tcpwrappers to reject hosts with no PTR DNS record, so my hosts.allow looks like:

```
sendmail: ALL EXCEPT UNKNOWN
```

My problem is that the mail submission port 587 seems to share this setting. The result is that roaming users (mostly on US Cellular) who don't have a PTR record for their current IP address get rejected before they can authenticate. I can fix this by setting `sendmail: ALL` in hosts.allow, but this about triples the number of garbage connections from spammers on port 25. Does anyone know a way to make sendmail call libwrap for port 25 connections but not for port 587 connections that will be authenticated? Thanks!
Chris Patch (3 rep)
Jan 27, 2017, 12:06 AM • Last activity: Jan 27, 2017, 03:40 PM
3 votes
1 answer
725 views
What is blocking: Firewall and tcpwrapper?
Is it possible to find whether the firewall (iptables) or tcpwrapper is blocking a connection without accessing the remote server? (Maybe with tcpdump?)
prado (960 rep)
Apr 20, 2015, 05:33 PM • Last activity: Nov 22, 2016, 09:49 PM
1 vote
2 answers
3832 views
Which one will block first? tcp-wrapper or Iptables?
If a service (or port) is blocked in both `TCPwrapper` and `Iptables`, which will block the request first and why?
prado (960 rep)
Nov 11, 2016, 10:05 AM • Last activity: Nov 11, 2016, 11:32 PM
-1 votes
1 answer
1090 views
Solaris 10: how to run correct tcp wrappers?
I want to deny ftp access on Solaris 10. For the experiment I use only one host. The TCP wrapper is enabled:

```
inetadm -l ftp | grep tcp_wrappers
default  tcp_wrappers=TRUE
```

/etc/hosts.deny:

```
ftpd: 192.168.0.2
in.ftpd: 192.168.0.2
```

But when I try to log in with ftp from 192.168.0.2 it works. Why?
elbarna (13690 rep)
Jan 2, 2016, 12:58 AM • Last activity: Jan 2, 2016, 01:04 AM
1 vote
1 answer
748 views
SSH slow after configuring TCP Wrappers
We have SSH open on one of our production servers, leaving it prone to various brute force attacks to break in. I reduced the attempts by changing the default port from 22. I want to further harden security by allowing ssh login from a particular country domain `.in` only. For this I can configure `/etc/hosts.deny` or `/etc/hosts.allow`. For hosts.allow, I have added the following entry:

```
sshd: in
```

If I use hosts.deny, then my entry is like this:

```
sshd: !in
```

After configuring either one of the above, I notice that it takes more time to connect to the ssh server. With verbose output it shows hanging here for some time before providing the login attempt:

```
ssh -vv 103.8.X.X
OpenSSH_5.9p1 Debian-5ubuntu1.4, OpenSSL 1.0.1 14 Mar 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 103.8.X.X [103.8.X.X] port 565.
debug1: Connection established.
debug1: identity file /home/amin/.ssh/id_rsa type -1
debug1: identity file /home/amin/.ssh/id_rsa-cert type -1
debug1: identity file /home/amin/.ssh/id_dsa type -1
debug1: identity file /home/amin/.ssh/id_dsa-cert type -1
debug1: identity file /home/amin/.ssh/id_ecdsa type -1
debug1: identity file /home/amin/.ssh/id_ecdsa-cert type -1    (<-- hangs here for around 30 secs)
```

It takes more time with PuTTY as well, after setting rules for tcp wrappers.
Zama Ques (3376 rep)
Jul 4, 2014, 09:07 AM • Last activity: Jul 4, 2014, 09:50 AM
4 votes
1 answer
569 views
hosts.allow: %u not working (log username)
I need to keep track of all SSH connections on my server. In my `/etc/hosts.allow` I have something like this:

```
sshd: ALL : spawn ( echo "`date` from %u %a " >> /var/log/ssh/%d.log ) &
```

where `%a` logs the client IP, and `%u` is supposed to log the username. But instead `%u` just logs `unknown`. Is there a way to fix this? I need to log both the IP and the username for each connection.
Martin Vegter (586 rep)
Sep 17, 2013, 06:18 AM • Last activity: Sep 17, 2013, 06:39 AM
Showing page 1 of 16 total questions