You are not logged in.
- Topics: Active | Unanswered
Pages: 1
#1 2011-06-19 20:00:06
- ggs
- Member
- Registered: 2011-06-19
- Posts: 3
hosts.deny default
I'm installing arch 2010.05 core i686 on my laptop. The contents of the default /etc/hosts.deny file are
#
# /etc/hosts.deny
#
ALL: ALL: DENY
# End of file
I don't really understand what the DENY part does. Can someone clarify this for me? (I know from the man page that it corresponds to "shell_command", but I still don't understand what it does.)
Thanks!
Offline
#2 2011-06-19 20:24:10
- SS4
- Member
- From: !Rochford, Essex
- Registered: 2010-12-05
- Posts: 699
Re: hosts.deny default
It means all IP addresses are blocked from accessing your computer. It's the best security measure.
If you'd prefer to allow some IP addresses in (such as ssh) then whitelist it in hosts.allow
Rauchen verboten
Offline
#3 2011-06-19 21:42:32
- thestinger
- Package Maintainer (PM)
- From: Toronto, Canada
- Registered: 2010-01-23
- Posts: 478
Re: hosts.deny default
It means all IP addresses are blocked from accessing your computer. It's the best security measure.
If you'd prefer to allow some IP addresses in (such as ssh) then whitelist it in hosts.allow
It actually only affects programs compiled with libwrap support (ssh).
There's a list of programs compiled with support here: https://bugs.archlinux.org/task/23929.
If you want a real firewall, use netfilter.
edit: `man 5 hosts_access` will get you all the details about the hosts.allow and hosts.deny files
Last edited by thestinger (2011-06-19 21:44:42)
Offline
Pages: 1