Using TCP Wrappers to secure Linux
TCP Wrappers: TCP Wrappers can be used to grant or deny access to various services on your machine from the outside network or from other machines on the same network. It does this with simple access-list rules held in two files, /etc/hosts.allow and /etc/hosts.deny.
When the request from the remote machine (remote_mc) is received by the TCP-wrapped service (SSH in this case), the service takes the following basic steps:
- It checks the /etc/hosts.allow file and applies the first rule specified for that service. If it finds a matching rule, it allows the connection. If no rule is found, it moves on to the second step.
- It checks the /etc/hosts.deny file and, if a matching rule is found, it denies the connection.
[root@xnetbd ~]# vim /etc/hosts.allow
# Allow SSH from two specific hosts
sshd: 192.168.50.22 192.168.50.21
# Allow SSH from the whole 192.168.50. network
sshd: 192.168.50.
[root@xnetbd ~]# vim /etc/hosts.deny
# Deny everything else
ALL: ALL
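The lookup order described above, as a small Python model (an added example, not part of the original page and not the tcpd implementation). It handles only the pattern forms shown here (exact IPv4 addresses, a trailing-dot network prefix, and ALL); the function names and embedded file contents are constructed for illustration. It also shows that a client matching neither file is allowed, which is why the ALL: ALL line in hosts.deny matters.

```python
# Simplified model of the hosts.allow / hosts.deny lookup (added example).
# Constructed file contents mirroring the rules shown on this page.
HOSTS_ALLOW = "sshd: 192.168.50.22 192.168.50.21\n"
HOSTS_DENY = "ALL: ALL\n"


def parse_rules(text):
    """Return [(daemon_list, client_list)], skipping blanks and # comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        daemons, _, rest = line.partition(":")
        clients = rest.split(":")[0]  # ignore any optional third field
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules


def client_matches(pattern, ip):
    """Match the three client pattern forms used on this page."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):          # "192.168.50." = whole network prefix
        return ip.startswith(pattern)
    return pattern == ip               # exact address


def file_matches(text, daemon, ip):
    """True if any rule in the file matches this daemon and client."""
    for daemons, clients in parse_rules(text):
        if (daemon in daemons or "ALL" in daemons) and \
                any(client_matches(c, ip) for c in clients):
            return True
    return False


def check_access(daemon, ip, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    if file_matches(allow, daemon, ip):
        return "allow"                 # step 1: a hosts.allow match wins
    if file_matches(deny, daemon, ip):
        return "deny"                  # step 2: a hosts.deny match refuses
    return "allow"                     # no match in either file: granted


if __name__ == "__main__":
    for ip in ("192.168.50.22", "192.168.50.99"):
        print(ip, check_access("sshd", ip))
```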