  • How to deny client access using a domain in TCP Wrapper?

    I would appreciate it if someone could help me out with TCP Wrapper.

    I want to deny all client access from the .ywlocal.net domain to the vsftpd server.

    My environment is below. I use RHEL 7.3.

    role           hostname  ip address
    vsftpd server  server1   192.168.11.16
    ftp client     tester1   192.168.11.17

    As the document describes, I have defined the /etc/hosts.deny file on the ftp server (vsftpd) side as below.

    #
    # hosts.deny    This file contains access rules which are used to
    #               deny connections to network services that either use
    #               the tcp_wrappers library or that have been
    #               started through a tcp_wrappers-enabled xinetd.
    #
    #               The rules in this file can also be set up in
    #               /etc/hosts.allow with a 'deny' option instead.
    #
    #               See 'man 5 hosts_options' and 'man 5 hosts_access'
    #               for information on rule syntax.
    #               See 'man tcpd' for information on tcp_wrappers
    #
    #vsftpd : ALL EXCEPT 192.168.11.
    vsftpd : .ywlocal.net
    

    I also have my /etc/hosts as below.

    [root@server1 ~]# cat /etc/hosts
    127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
    
    192.168.11.17 tester1 tester1.ywlocal.net
    

    I have opened the firewall ports as well.

    [root@server1 ~]# firewall-cmd --list-rich-rule
    rule family="ipv4" port port="21" protocol="tcp" accept
    rule family="ipv4" port port="10000-10001" protocol="tcp" accept
    

    However, I can still access the vsftpd server from the client side.

    [ywatanabe@tester1 ~]$ lftp 192.168.11.16
    lftp 192.168.11.16:~> ls              
    drwxr-xr-x    2 0        0               6 Jun 23  2016 pub
    lftp 192.168.11.16:/> 
    

    How can I deny client access using a domain?

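A check for the setup in the post above, as an added example that is not part of the original post: it models the hosts(5) canonical-name rule and the hosts_access(5) leading-dot rule against the posted /etc/hosts entry and the posted pattern. The function names and the reordered hosts line are constructed for illustration, and the script does not call libwrap itself.

```shell
#!/bin/sh
# Added example: models two documented rules, it does not call libwrap.
#  hosts(5): the first name after the address is the canonical hostname,
#            which a reverse lookup answered from the hosts file returns.
#  hosts_access(5): a pattern beginning with '.' matches when the last
#            components of the client host name equal the pattern.

# canonical_name HOSTS_FILE IP: print the canonical name listed for IP
canonical_name() {
    awk -v ip="$2" '{ sub(/#.*/, "") }
        $1 == ip && NF > 1 { print $2; exit }' "$1"
}

# dot_pattern_matches PATTERN NAME: exit 0 if NAME ends with PATTERN
dot_pattern_matches() {
    dp_pat=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    dp_name=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$dp_name" in
        "$dp_pat") return 1 ;;   # name must be longer than the pattern
        *"$dp_pat") return 0 ;;
        *) return 1 ;;
    esac
}

# check_rule HOSTS_FILE IP PATTERN: report whether the rule would apply
check_rule() {
    cr_name=$(canonical_name "$1" "$2")
    if [ -n "$cr_name" ] && dot_pattern_matches "$3" "$cr_name"; then
        echo "$2 -> $cr_name: matches $3"
    else
        echo "$2 -> ${cr_name:-<no name>}: no match for $3"
    fi
}

demo() {
    d=$(mktemp -d) || return 1
    # Entry exactly as shown in the post
    printf '192.168.11.17 tester1 tester1.ywlocal.net\n' > "$d/as_posted"
    # Constructed variant: same names, fully qualified name listed first
    printf '192.168.11.17 tester1.ywlocal.net tester1\n' > "$d/fqdn_first"
    check_rule "$d/as_posted"  192.168.11.17 .ywlocal.net
    check_rule "$d/fqdn_first" 192.168.11.17 .ywlocal.net
    rm -rf "$d"
}
demo
```

On the server itself, `getent hosts 192.168.11.17` prints the name the resolver returns for the client address.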
