Quote:
|
Originally Posted by InfRecursion
Add the line to /etc/hosts.deny
ALL:111.222.333.444
|
I add the IP to /etc/hosts.deny
ALL:111.222.333.444
Then did the following things in therminal:
service iptables save
service iptables restart
And It does no work...!
Why?
Quote:
|
Originally Posted by ibbo
To go further
Add
ALL:ALL to hosts.deny
This then stops everything dead by default
In hosts.allow you can then open bits n bats like ssh
sshd: <ip address>, <another ip address>
vsftpd: <ip address>
It should have worked just fine. Try looking at your firewall too to ensure certain ports etc are not blocked.
Ibbo |
Why does adding ALL:ALL in hosts.deny does not work?
also did:
Then did the following things in therminal:
service iptables save
service iptables restart
And It does no work again...!
Could it has something to do with the thing that a have a tcp port open in iptables?
My iptables:
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 19000 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
Hybrid Mode
