Generally, a firewall is used to protect a server from other servers and networks. But it is often also necessary to protect a server from hosts within its own network, and a TCP wrapper can do that.
Most Linux distributions come with the xinetd server, which includes a built-in TCP wrapper. It can be used to restrict network services so that they accept incoming connections only from specified servers and networks. The TCP wrapper implements this access control through two files, /etc/hosts.allow and /etc/hosts.deny.
# Deny everything by default by adding the following line to /etc/hosts.deny (hosts.allow is consulted first, so the explicit allows below still take precedence):
ALL: ALL
# Accept incoming SSH connections from, e.g., nodes bamdns1, bamdns2 and bamdns3 by adding the following line to /etc/hosts.allow:
sshd: bamdns1 bamdns2 bamdns3
# Accept incoming SSH connections from all servers in a specific subnet by adding the subnet's domain name, with a leading dot, to the same line in /etc/hosts.allow:
sshd: bamdns1 bamdns2 bamdns3 .subnet.server1.com
# Accept connections from all servers in the subnet .subnet.server1.com, but not from the server bamdns4.subnet.server1.com, by adding the following line to /etc/hosts.allow:
ALL: .subnet.server1.com EXCEPT bamdns4.subnet.server1.com
# Accept incoming portmap connections from the IP address 10.10.10.1 and from the subnet 255.255.5 (a pattern ending in a dot matches every address that starts with it) by adding the following line to /etc/hosts.allow:
portmap: 10.10.10.1 255.255.5.
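As an added example (not part of the original post), here is a small Python re-implementation of the hosts_access(5) matching rules, so a hosts.allow/hosts.deny policy like the one above can be checked before it is deployed. It assumes the client is supplied as a single host name or address string that is matched against every pattern, and the rule text is a constructed copy of the entries above rather than the files under /etc.

```python
"""Offline evaluator for TCP wrapper rules, following hosts_access(5):
hosts.allow is consulted first, then hosts.deny; no match at all means access."""
# Constructed copy of the entries from the post (not read from /etc).
HOSTS_ALLOW = """
sshd: bamdns1 bamdns2 bamdns3 .subnet.server1.com
ALL: .subnet.server1.com EXCEPT bamdns4.subnet.server1.com
portmap: 10.10.10.1 255.255.5.
"""
HOSTS_DENY = "ALL: ALL\n"  # deny everything that hosts.allow did not admit


def match_token(pattern, value):
    """Match one pattern against a daemon name or a client host name/address."""
    pattern, value = pattern.lower(), value.lower()
    if pattern == "all":
        return True
    if pattern.startswith("."):   # domain suffix, e.g. .subnet.server1.com
        return value.endswith(pattern)
    if pattern.endswith("."):     # numeric prefix, e.g. 255.255.5.
        return value.startswith(pattern)
    return pattern == value       # exact host name or address


def match_list(tokens, value):
    """'a b EXCEPT c' matches when a or b matches and c does not;
    'a EXCEPT b EXCEPT c' nests to the right, as in hosts_access(5)."""
    upper = [t.upper() for t in tokens]
    if "EXCEPT" in upper:
        i = upper.index("EXCEPT")
        return match_list(tokens[:i], value) and not match_list(tokens[i + 1:], value)
    return any(match_token(t, value) for t in tokens)


def parse_rules(text):
    """Yield (daemon_list, client_list) for each 'daemons : clients [: command]' line."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(":")
        if len(fields) >= 2 and fields[0].strip():
            yield fields[0].split(), fields[1].split()


def hosts_access(daemon, client, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """True if the connection would be accepted under the given rule files."""
    def matches(rules):
        return any(match_list(d, daemon) and match_list(c, client) for d, c in rules)
    if matches(parse_rules(allow)):
        return True
    if matches(parse_rules(deny)):
        return False
    return True
```

Note that hosts_access("sshd", "bamdns4.subnet.server1.com") returns True: the sshd line admits the whole domain, and an EXCEPT on the ALL line does not narrow the other lines, so the exception only holds for daemons that have no line of their own.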