How to deny client access using domain in TCP Wrapper?
I appreciate if someone can help me out with TCP Wrapper.
I want to deny all client access from .ywlocal.net domain to vsftpd server.
My environment is below. I use RHEL 7.3.
| role | hostname | ip address |
|---|---|---|
| vsftpd server | server1 | 192.168.11.16 |
| ftp client | tester1 | 192.168.11.17 |
As the document describes, I have defined the /etc/hosts.deny file on the ftp server (vsftpd) side as below.
#
# hosts.deny This file contains access rules which are used to
# deny connections to network services that either use
# the tcp_wrappers library or that have been
# started through a tcp_wrappers-enabled xinetd.
#
# The rules in this file can also be set up in
# /etc/hosts.allow with a 'deny' option instead.
#
# See 'man 5 hosts_options' and 'man 5 hosts_access'
# for information on rule syntax.
# See 'man tcpd' for information on tcp_wrappers
#
#vsftpd : ALL EXCEPT 192.168.11.
vsftpd : .ywlocal.net
I also have my /etc/hosts as below
[root@server1 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.11.17 tester1 tester1.ywlocal.net
I have opened firewall port as well.
[root@server1 ~]# firewall-cmd --list-rich-rule
rule family="ipv4" port port="21" protocol="tcp" accept
rule family="ipv4" port port="10000-10001" protocol="tcp" accept
However, I still can access vsftpd server from client side .
[ywatanabe@tester1 ~]$ lftp 192.168.11.16
lftp 192.168.11.16:~> ls
drwxr-xr-x 2 0 0 6 Jun 23 2016 pub
lftp 192.168.11.16:/>
How can I deny client access using domain?
