How to Restrict System Access from Servers and Networks?

Generally, a firewall is used to protect a server from other servers and networks. But often a server also needs to be protected from hosts inside its own network, and a TCP wrapper is a simple way to do that per service, in addition to (not instead of) the firewall.

Most Linux distributions ship the xinetd super-server, which has TCP-wrapper (libwrap) support built in; standalone daemons such as sshd, vsftpd or rpcbind can also be linked against libwrap and then apply the same rules themselves. TCP wrappers let you define which network services accept incoming connections from which servers and networks. Access control is implemented through two files, /etc/hosts.allow and /etc/hosts.deny, which are evaluated in a fixed order: the first matching rule in /etc/hosts.allow grants access; otherwise the first matching rule in /etc/hosts.deny refuses it; if neither file matches, access is granted. Three caveats before relying on this. First, the files only affect services that actually call libwrap, so check that the daemon binary links libwrap (ldd will show it); OpenSSH dropped its built-in libwrap support in release 6.7, so on many current systems sshd ignores these files unless the distribution patches support back in. Second, hostname patterns depend on a reverse DNS lookup of the client address, so prefer IP addresses or networks where you can. Third, the files are read on every new connection, so changes take effect immediately without a restart, and a typo can lock you out; validate with tcpdchk and tcpdmatch before closing your current session.

# Deny everything by default: add the following line to /etc/hosts.deny. It refuses every libwrap-aware service to every client unless a line in /etc/hosts.allow matches first, so every service you still want reachable needs an allow rule:

ALL: ALL

# Accept incoming SSH connections only from the nodes bamdns1, bamdns2 and bamdns3: add the following line to /etc/hosts.allow. Write the names exactly as reverse DNS returns them (usually the fully qualified name), or use their IP addresses instead:

sshd: bamdns1 bamdns2 bamdns3

# Accept incoming SSH connections from all servers in a domain: a pattern that starts with a dot matches every host whose reverse-DNS name ends with that suffix (the page calls it a subnet, but it is a DNS domain, not an IP range), so append it to the same line in /etc/hosts.allow:

sshd: bamdns1 bamdns2 bamdns3 .subnet.server1.com

# Accept connections to all wrapped services from every host in .subnet.server1.com except bamdns4.subnet.server1.com: add the following line to /etc/hosts.allow. EXCEPT only carves the host out of this one rule; bamdns4 is still admitted if another /etc/hosts.allow line matches it, and otherwise falls through to /etc/hosts.deny:

ALL: .subnet.server1.com EXCEPT bamdns4.subnet.server1.com

# Accept incoming portmap connections from the IP address 10.10.10.1 and from every address that starts with 255.255.5.: a pattern that ends with a dot matches addresses beginning with that prefix, octet by octet, so it covers a /8, /16 or /24 block; for any other range use the network/netmask form (network address, a slash, then the netmask). Current systems run rpcbind in place of portmap; it honours these files too, so use the daemon name that matches your binary (normally rpcbind). Add the following line to /etc/hosts.allow:

portmap: 10.10.10.1 255.255.5.
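The rules above are easier to trust once you can see how libwrap combines them. The following simulator is an added example for this page, not the page's own code and not libwrap itself: it reproduces the hosts_access() decision order (hosts.allow first, then hosts.deny, then allow by default) for the pattern forms used on this page (ALL, exact name or address, leading-dot domain suffix, trailing-dot address prefix, EXCEPT) and additionally the network/netmask form, which the page does not show. The rule text, the client names, the rsyncd service and the 192.0.2.0/24 range are constructed for the example; KNOWN, UNKNOWN, PARANOID, LOCAL, daemon@host patterns and shell commands are not implemented, and the caller supplies the client's hostname as reverse DNS would have returned it (None when the lookup fails) because real libwrap does that lookup itself.

```python
"""Simulator for the TCP-wrapper access decision made by libwrap's hosts_access().

Added example; not libwrap's code.  Implements the subset of the
/etc/hosts.allow and /etc/hosts.deny syntax described above plus the
network/netmask form.  Not implemented: KNOWN, UNKNOWN, PARANOID, LOCAL,
daemon@host patterns and shell commands.  The hostname argument stands in
for the reverse-DNS result that real libwrap obtains itself.
"""
import ipaddress
import re
from typing import List, Optional, Tuple

# (daemon patterns, client patterns, client patterns listed after EXCEPT)
Rule = Tuple[List[str], List[str], List[str]]

# Constructed rule sets modelled on the page's examples. The rsyncd line uses the
# network/netmask form, which the page does not show; 192.0.2.0/24 is documentation space.
HOSTS_ALLOW = """
# hosts.allow (constructed sample)
sshd: bamdns1.subnet.server1.com bamdns2.subnet.server1.com bamdns3.subnet.server1.com
ALL: .subnet.server1.com EXCEPT bamdns4.subnet.server1.com
portmap: 10.10.10.1 255.255.5.
rsyncd: 192.0.2.0/255.255.255.0
"""
HOSTS_DENY = """
ALL: ALL
"""


def parse_rules(text: str) -> List[Rule]:
    """Parse 'daemons : clients [EXCEPT clients]' lines; comments and blank lines are skipped."""
    rules: List[Rule] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        daemons, _, clients = line.partition(":")
        parts = re.split(r"\s+EXCEPT\s+", clients.strip(), maxsplit=1, flags=re.IGNORECASE)
        excepted = parts[1].split() if len(parts) > 1 else []
        rules.append((daemons.split(), parts[0].split(), excepted))
    return rules


def pattern_matches(pattern: str, hostname: Optional[str], ip: str) -> bool:
    """Match one client pattern against the client's reverse-DNS name and address."""
    pattern = pattern.lower()
    host = hostname.lower() if hostname else None
    if pattern == "all":
        return True
    if pattern.startswith("."):      # domain suffix, e.g. .subnet.server1.com
        return host is not None and host.endswith(pattern)
    if pattern.endswith("."):        # address prefix, e.g. 255.255.5.
        return ip.startswith(pattern)
    if "/" in pattern:               # network/netmask or CIDR, e.g. 192.0.2.0/255.255.255.0
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    return pattern == ip or pattern == host   # exact address or exact reverse-DNS name


def rule_matches(rule: Rule, daemon: str, hostname: Optional[str], ip: str) -> bool:
    daemons, included, excepted = rule
    if not any(d.upper() == "ALL" or d == daemon for d in daemons):
        return False
    if not any(pattern_matches(p, hostname, ip) for p in included):
        return False
    # EXCEPT only removes hosts from this one rule; another rule may still match them.
    return not any(pattern_matches(p, hostname, ip) for p in excepted)


def hosts_access(daemon: str, hostname: Optional[str], ip: str,
                 allow_text: str = HOSTS_ALLOW, deny_text: str = HOSTS_DENY) -> str:
    """Return 'allow' or 'deny' in libwrap's order: hosts.allow, then hosts.deny,
    then allow by default when neither file matches."""
    if any(rule_matches(r, daemon, hostname, ip) for r in parse_rules(allow_text)):
        return "allow"
    if any(rule_matches(r, daemon, hostname, ip) for r in parse_rules(deny_text)):
        return "deny"
    return "allow"


if __name__ == "__main__":
    # Constructed clients; the hostname is what reverse DNS would have returned.
    for daemon, hostname, ip in [
        ("sshd", "bamdns1.subnet.server1.com", "10.10.10.1"),
        ("sshd", "bamdns4.subnet.server1.com", "10.10.10.4"),   # carved out by EXCEPT
        ("vsftpd", "bamdns9.subnet.server1.com", "10.10.10.9"),
        ("portmap", None, "255.255.5.77"),
        ("portmap", None, "255.255.50.1"),                       # prefix stops at the dot
        ("rsyncd", None, "192.0.2.200"),
        ("sshd", None, "203.0.113.5"),
    ]:
        name = hostname or "<no reverse DNS>"
        print(f"{daemon:8} {name:28} {ip:15} -> {hosts_access(daemon, hostname, ip)}")
    # Without 'ALL: ALL' in hosts.deny the same unknown client would be admitted.
    print("unknown client, empty hosts.deny ->", hosts_access("sshd", None, "203.0.113.5", deny_text=""))
```

Two of the outcomes are the ones people get wrong in production: bamdns4 is refused not because the EXCEPT denies it but because, once carved out of the ALL rule, nothing else in hosts.allow matches it and it falls through to ALL: ALL in hosts.deny; and with an empty hosts.deny the unknown client 203.0.113.5 is admitted, which is why the deny-everything line comes first in the procedure.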

Latest posts by Sam (see all)
