On Mon, 09 Jul 2012 20:11:10 +0200, Zdenek Herman wrote: (please, reply at the bottom)
> Dne 9.7.2012 16:52, Camaleón napsal(a): >> On Sun, 08 Jul 2012 22:26:11 +0200, Zdenek Herman wrote: >> >> (...) >> >>> When I set hosts.deny ALL: ALL and hosts.allow is empty. I can allow >>> connect to MySQL from anywhere - settings in hosts.allow and >>> hosts.deny are ignored. >> (...) >> >> I wonder if you aren't just missing the daemon to filter (mysqld) :-? >> >> cat /etc/hosts.deny > My hosts.deny (...) > ALL: ALL : spawn ( echo $(date '+%%d.%%m.%%y %%T') access DENIED from %u@%h > [%a] >> /var/log/tcp_wrapper/%d.log ) & (...) > My hosts.allow (...) > sshd: 192.168.1.1 \ > : spawn ( echo $(date '+%%d.%%m.%%y %%T') access ALLOWED from %u@%h [%a] > >> /var/log/tcp_wrapper/%d.log ) & And you said this was working for the sshd service, right? > I tested with mysqld: ALL in hosts.deny too. Well, that should prevent connections coming from the same host (localhost) unless you explicitely allow it from the hosts.allow, that has preference. I don't know why does not work for you. Take a look into this article that shows a few samples for using mysql with tcp wrappers: http://www.unixmen.com/securing-services-with-tcp-wrappers/ And also read the manual ("man hosts_options"), maybe we are omitting something obvious... Greetings, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/jthi02$cnl$6...@dough.gmane.org
