On Mon, 11 Feb 2002 [EMAIL PROTECTED] wrote:

> 1. I try to configure in hosts.deny :
>
> ALL:[EMAIL PROTECTED]

Hi Aku,

To deny all incoming connections for tcpwrapped ports it is sufficient to
have this line in your /etc/hosts.deny file:

    ALL: ALL

The endpoint construct isn't necessary for what you seem to want.

> and try in hosts.allow :
>
> ALL : 202.xxx.xxx.xx1, 202.xxx.xxx.xx2
>
> But when I try from 202.xxx.xxx.xx1 and 202.xxx.xxx.xx2 the message
> is Connection closed by remote host.
>
> how to configure in close all and allow from
> that ip?

Well, if you want to allow all types of connections from those two IPs
that should do it. You just have to state the IP numbers separated by
spaces and/or commas according to the manpage (see man hosts_access).
Which is what you seem to do (assuming those x's aren't really in
there... `;-)

However I strongly suggest you open only those ports that you need
instead of all of them, but you can do that after things are working the
way you want it.

Of course even if tcp_wrapper gives you access the daemon doesn't have to
do so too... So, maybe it's not the wrapper that's denying you access. If
you think your hosts.deny and hosts.allow files are fine, then maybe it's
good to make sure the daemon accepts your connections.

> 2. I try to close port 111 in services and give # on port sunrpc
> 111/tcp, and inetd but
> always be open.

You don't block access by commenting lines in the services file. There
are two locations you can do that: the file /etc/inetd.conf and the files
in the directory /etc/init.d. Those are the ones that control your inetd
processes and your daemons.

To stop portmapper you can add "exit 0" on its own line at the top of the
file /etc/init.d/portmap, immediately after the comment header. If you
want to disable portmapper only for a specific runlevel, then you can
also rename the appropriate symlink in /etc/rc[23].d/

HTH

-- 
J.A. de Vries aka HdV
Delft University of Technology
Computing Centre
Email: [EMAIL PROTECTED]
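
The default-deny setup discussed in this message, as an added example that is not part of the original mail: a simplified Python model of the hosts_access(5) lookup order, run against a blanket allow and a per-daemon allow. The addresses (documentation ranges), the daemon names and all function names are assumptions made for the example, and only the `ALL`, exact-address and trailing-dot prefix patterns are modelled.

```python
# Added example: simplified model of the hosts_access(5) decision order.
# Patterns modelled: ALL, exact address, address prefix ending in ".".
# Not modelled: hostnames, net/mask, EXCEPT, LOCAL/KNOWN/PARANOID, options.
import re

def _items(field):
    """Split a daemon or client list on whitespace and/or commas."""
    return [t for t in re.split(r"[\s,]+", field.strip()) if t]

def parse_rules(text):
    """Return [(daemons, clients)] from hosts.allow / hosts.deny content."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) >= 2:  # anything after a second ":" is ignored here
            rules.append((_items(fields[0]), _items(fields[1])))
    return rules

def _client_match(patterns, ip):
    return any(p == "ALL" or p == ip or (p.endswith(".") and ip.startswith(p))
               for p in patterns)

def _any_match(rules, daemon, ip):
    return any(("ALL" in d or daemon in d) and _client_match(c, ip)
               for d, c in rules)

def decide(allow_text, deny_text, daemon, ip):
    """hosts.allow is searched first, then hosts.deny; no match grants."""
    if _any_match(parse_rules(allow_text), daemon, ip):
        return "allow"
    if _any_match(parse_rules(deny_text), daemon, ip):
        return "deny"
    return "allow"

# Constructed sample files (documentation addresses, hypothetical daemons).
DENY = "ALL: ALL\n"
ALLOW_EVERYTHING = "ALL : 192.0.2.10, 192.0.2.11\n"
ALLOW_SSH_ONLY = "sshd : 192.0.2.10 192.0.2.11\n"

if __name__ == "__main__":
    for name, allow in (("all services", ALLOW_EVERYTHING), ("sshd only", ALLOW_SSH_ONLY)):
        for daemon in ("sshd", "in.telnetd"):
            for ip in ("192.0.2.10", "198.51.100.7"):
                print(name, daemon, ip, decide(allow, DENY, daemon, ip))
```

On a host with tcp_wrappers installed, `tcpdmatch` answers the same question against the real /etc/hosts.allow and /etc/hosts.deny, and `tcpdchk` reports syntax problems in them.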