Adding network & IP to hosts.deny

Rob spamrefuse at yahoo.com
Mon Oct 11 03:09:16 PDT 2004


Pelle Andersson wrote:
> Hi!
> 
> I have a lot of login attempts from various networks and IP addresses
> on my FBSD 4.10 server. I have read the man pages for hosts.deny but
> do not understand how to add networks and IP addresses to it.
> 
> Let's say I want to block the network address 192.168.100.0 and/or
> the IP address 192.168.135.77.

As far as I understood, the use of /etc/hosts.deny is (going to be?)
depreciated. Instead use deny rules in /etc/hosts.allow.
For example:

   ALL : 192.168.100.0 192.168.135.77 : deny

This does: for all services that actually using the /etc/hosts.allow,
it will deny all access by these two IP numbers.

However, notice that there are services that do not use the hosts.allow,
and those won't be affected. So if you want a full proof block of these
IP numbers, you better make a firewall rule to deny their access.

Rob.




More information about the freebsd-questions mailing list