I haven't tried using hosts.allow and hosts.deny myself, but from what
I read, they only apply to access from outside to programs running on
the machine itself. That is, they don't handle traffic that is routed
by the machine (as in your example), nor connections from the machine
and out.
Shorewall is far better. Use the "rules" and "policy" files to set
the restrictions you want. You can read the documentation at
http://www.shorewall.net/2.0/
Note: Debian moves the original Shorewall configuration files, with
all Tom's invaluable comments, to
/usr/share/doc/shorewall/default-config. You may want to copy them to
/etc/shorewall as your starting point.
Rune
On 1/6/06, Richard <rwh@bellfrog.com.au> wrote:
> >> Hello,
> >>
> >> I am using Debian Sarge, with Shorewall 2.2.3,
> >>
> >> for access control I am using hosts.allow :
> >>
> >> ALL: 144.131.xxx.xxx
> >>
> >> and hosts.deny:
> >>
> >> ALL: ALL
> >>
> >> I have a virtual machine that is being port forwarded to with Shorewall :
> >>
> >> DNAT net loc:10.0.0.100 tcp 3389
> >>
> >> hosts.allow is not denying a request to the forwarded rule. It denies ssh
> >> fine but not the port forward rule.
> >>
> >> Is there an access control file similar to hosts.allow and deny in
> >> Shorewall that I should be using ?
> >>
> >> Thanks in Advance,
> >>
> >>
> >> Richard
> >
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
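
The restriction discussed in this thread, written as Shorewall configuration. This is an added example, not part of the original messages; 192.0.2.10 is a placeholder for the masked address in the question, and the net-to-all DROP policy line is assumed to match the firewall's existing policy file.

```conf
# /etc/shorewall/rules
#ACTION  SOURCE            DEST            PROTO   DEST PORT(S)

# As posted: any host in the net zone is forwarded to the VM.
# hosts.allow/hosts.deny are never consulted for this routed traffic.
#DNAT    net               loc:10.0.0.100  tcp     3389

# Restricted: only the listed source address is forwarded.
# 192.0.2.10 is a placeholder; substitute the address allowed in hosts.allow.
DNAT     net:192.0.2.10    loc:10.0.0.100  tcp     3389

# /etc/shorewall/policy
#SOURCE  DEST   POLICY  LOG LEVEL
# With this policy, any other source connecting to port 3389 matches
# no rule and is dropped (and logged at level info).
net      all    DROP    info
```

Run `shorewall check` to validate the files before applying them with `shorewall restart`.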