Hey,

> I have a few friends whom I share access to their Linux boxes
> and in return I give them access to mine...  it's a tit for tat
> thing.  If I want to block everyone except certain IPs, how
> can I do that?

  While the previous post will get you what you're after under
most circumstances, there might be trouble on occasion.  I'd
searched & searched till I'd found an example on the Web which
has simply not failed me.

  For hosts.allow:

#allow everything inside of the network & a few select others
ALL: LOCAL, .yourdomain.com, 165.22.8.112, 207.109.85.60

#Give myself some access points in case DNS gets fucked
in.telnetd: xxx.xx.xxx.xx
in.telnetd: 207.109.85.60
in.telnetd: 165.22.8.112
in.ftpd: xxx.xx.xxx.xx
in.ftpd: xxx.xx.xxx.xx
in.ftpd: 207.109.85.60
in.ftpd: 165.22.8.112

  Here, ALL indicates (basically) that anyone attempting
is allowed, but LOCAL means that any with my domain (which
is listed) & two specific IPs (boxes I use at work) can
access.  But even if someone spoofed my domain, they'd still have
to have a legitimate IP address (one of which is indicated where
I have the x's), followed by each of those boxes at work which
are allowed telnet & ftp (though I can kill the telnet now I have
ssh working....).

  For hosts.deny:

ALL: ALL

  This is what's called the paranoid setup.  It tells the system
that everyone is to be kept out unless there are specific entries
in hosts.allow.

  Give this one a shot.  And yes, you can use partial domains &
IPs -- just remember that if it's the second part (like
yahoo.com) you have to lead it off with a . (so, .yahoo.com, or
near the end, like 207.109.85.).

  Meph

-- 
  "I did this 'cause Linux gives me a woody."
  -Dave '-ddt->' Taylor, announcing DOOM for Linux
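
Added example, not part of the original post: a small Python evaluator for the subset of hosts_access(5) matching used above (ALL, LOCAL, leading-dot domains, trailing-dot address prefixes, exact entries), showing how a daemon/client pair is checked against hosts.allow and then hosts.deny. The function names are hypothetical and the ruleset is a constructed sample built from addresses in the post; EXCEPT, netmasks and options are not handled.

```python
# Constructed sample built from the addresses in the post; not the poster's full file.
HOSTS_ALLOW = """\
ALL: LOCAL, .yourdomain.com, 165.22.8.112, 207.109.85.60
in.telnetd: 207.109.85.60
in.ftpd: 207.109.85.
"""
HOSTS_DENY = "ALL: ALL\n"

def parse(text):
    """Return [(daemon_list, client_list)] for each rule line."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, addr, name):
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":            # host name that contains no dot
        return bool(name) and "." not in name
    if pattern.startswith("."):       # leading dot: match the end of the host name
        return bool(name) and name.lower().endswith(pattern.lower())
    if pattern.endswith("."):         # trailing dot: match the first address fields
        return addr.startswith(pattern)
    return pattern == addr or (bool(name) and pattern.lower() == name.lower())

def file_matches(text, daemon, addr, name):
    return any((daemon in daemons or "ALL" in daemons)
               and any(client_matches(p, addr, name) for p in clients)
               for daemons, clients in parse(text))

def allowed(daemon, addr, name=None, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow first, then hosts.deny; a client matching neither gets in."""
    if file_matches(allow, daemon, addr, name):
        return True
    return not file_matches(deny, daemon, addr, name)

if __name__ == "__main__":
    for case in [("in.ftpd", "207.109.85.99"), ("in.telnetd", "207.109.85.99")]:
        print(*case, "->", "allow" if allowed(*case) else "deny")
```

On a host with tcp_wrappers installed, tcpdmatch performs the same check against the real files.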

