Linh Dang <[EMAIL PROTECTED]> writes:
> Hi
>
> I want to deny telnet, ftp and smtp connections from ANY other sites.
> But I want to accept http connections, pull down pop3, imap and
> send out mail (smtp).
>
> How do I set up /etc/host.deny, /etc/host.allow and CO. I will RTFM
> but since security is so important (that's why I chose Debian) I'd like
> to hear all the tips, tricks and know all traps, pitfalls...

Well, /etc/hosts.allow and hosts.deny don't affect sending out mail, or http connections (since apache isn't run with tcpwrappers). Also, pulling down pop3 and imap just means that your machine has to accept mail coming from localhost.

Here's what I'd recommend for /etc/hosts.allow:

    # Some comments
    ALL: [EMAIL PROTECTED]

And for /etc/hosts.deny:

    # Some comments
    ALL: [EMAIL PROTECTED]

This will allow connections from anyone with an IP address beginning with "127.0." - this should be only localhost, and although people outside your machine can fake individual inbound packets with this IP address, they can't actually establish a connection this way, because of the dialog that needs to happen to initiate a connection. Any other connections will be denied.

If you want to monitor who's trying to do what, you could do what I do in my hosts.deny:

    ALL: [EMAIL PROTECTED] : rfc931 : spawn ((echo %c %a contacting %d; /bin/netstat --inet -n; echo traceroute -p 31434 %a) > /tmp/watch.$$ 2>&1)

Of course, then you have to periodically go and look at those files...

Hmmm - I see someone wanted to talk to nmbd on Sunday; I wish I'd noticed at the time...
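
An added example, not part of the original message: a shell function that summarises the /tmp/watch.* files left by the spawn rule above, so they do not have to be read one by one. It assumes the first line of each file is the "%c %a contacting %d" echo; the function names and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Summarise the per-connection files written by the hosts.deny spawn rule.
# Assumption: line 1 of each file is "<client> <address> contacting <daemon>",
# i.e. the output of "echo %c %a contacting %d".

# summarize_watch DIR: print "count address daemon", most frequent first.
summarize_watch() {
    dir=${1:-/tmp}
    for f in "$dir"/watch.*; do
        [ -f "$f" ] || continue    # glob matched nothing, or not a regular file
        [ -L "$f" ] && continue    # /tmp is world-writable: ignore symlinks
        head -n 1 "$f"
    done | awk '
        # Count by address and daemon; fields are taken from the end of the
        # line so an unexpected space in the client field does not shift them.
        NF >= 4 && $(NF-1) == "contacting" { n[$(NF-2) " " $NF]++; next }
        { bad++ }                  # first line is not the expected echo
        END {
            for (k in n) print n[k], k
            if (bad) print bad, "unparsed -"
        }' | sort -k1,1nr -k2
}

# make_sample: build a temp directory of constructed watch files
# (documentation-range addresses) and print its path.
make_sample() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'unknown@192.0.2.7 192.0.2.7 contacting in.telnetd' \
        'Active Internet connections (w/o servers)' > "$d/watch.101"
    printf '%s\n' '192.0.2.7 192.0.2.7 contacting in.telnetd' > "$d/watch.102"
    printf '%s\n' 'root@198.51.100.3 198.51.100.3 contacting in.ftpd' > "$d/watch.103"
    echo "$d"
}

# Stand-alone run on the constructed sample.
sample=$(make_sample) && summarize_watch "$sample" && rm -rf "$sample"
```

Run against the real directory with "summarize_watch /tmp", for instance from a daily cron job that mails the result.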