Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 11 Oct 2004 19:09:14 +0900
From:      Rob <spamrefuse@yahoo.com>
To:        pelle@spd.nu, freebsd-questions@freebsd.org
Subject:   Re: Adding network & IP to hosts.deny
Message-ID:  <416A5BCA.3020708@yahoo.com>
In-Reply-To: <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAArvdSa/sjb0OI1eLKLXuK1sKAAAAQAAAAnNdJfVuVREajW0jiKTPoYAEAAAAA@spd.nu>
References:  <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAArvdSa/sjb0OI1eLKLXuK1sKAAAAQAAAAnNdJfVuVREajW0jiKTPoYAEAAAAA@spd.nu>

next in thread | previous in thread | raw e-mail | index | archive | help
Pelle Andersson wrote:
> Hi!
> 
> I have a lot of login attempts from various networks and IP addresses
> on my FBSD 4.10 server. I have read the man pages for hosts.deny but
> do not understand how to add networks and IP addresses to it.
> 
> Let's say I want to block the network address 192.168.100.0 and/or
> the IP address 192.168.135.77.

As far as I understood, the use of /etc/hosts.deny is (going to be?)
depreciated. Instead use deny rules in /etc/hosts.allow.
For example:

   ALL : 192.168.100.0 192.168.135.77 : deny

This does: for all services that actually using the /etc/hosts.allow,
it will deny all access by these two IP numbers.

However, notice that there are services that do not use the hosts.allow,
and those won't be affected. So if you want a full proof block of these
IP numbers, you better make a firewall rule to deny their access.

Rob.




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?416A5BCA.3020708>