Score:0

How do I allow a range of IPs in /etc/hosts.allow but deny a single IP within that range in /etc/hosts.deny?


My /etc/hosts.allow file contains:

sshd: 225.73. , 164.41.

My /etc/hosts.deny file contains:

sshd: 225.73.24.25 , 164.41.45.63

The problem I'm facing is that if I try to SSH from 225.73.24.25 or 164.41.45.63 the server is allowing me to SSH in.

The scenario I want is that all IPs in the range 225.73. or 164.41. are allowed in except hosts with the IPs 225.73.24.25 or 164.41.45.63.

I would be grateful if someone could help with this.

gapsf
Because access rules in hosts.allow are applied first, they take precedence over rules specified in hosts.deny. https://web.mit.edu/rhel-doc/4/RH-DOCS/rhel-rg-en-4/s1-tcpwrappers-access.html Use a firewall instead.
gapsf
Try the EXCEPT operator https://www.mankier.com/5/hosts_access#Operators or the deny, allow order https://www.mankier.com/5/hosts_options#Access_Control
jabbson
I was about to say calculate the subnets without one given IP, but EXCEPT appears to be a better way of excluding :)
Score:1

You can use the EXCEPT operator in hosts.allow like this:

sshd: 225.73. , 164.41. EXCEPT 225.73.24.25 , 164.41.45.63

See man hosts.allow:

EXCEPT Intended use is of the form: list_1 EXCEPT list_2; this construct matches anything that matches list_1 unless it matches list_2.
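
Added example (not part of the original answer and not the tcp_wrappers code): a simplified Python model of the hosts_access(5) search order, run on the rules from the question and from this answer, to show why the hosts.deny entry never applied and what EXCEPT changes. It assumes IPv4 string patterns only; the function names, the address 198.51.100.7 and the "sshd: ALL" deny rule are constructed for the illustration.

```python
import re

def tokens(s):
    # hosts_access lists are separated by blanks and/or commas
    return [t for t in re.split(r"[,\s]+", s) if t]

def item_match(pattern, item):
    # Subset of the pattern language: ALL, a prefix ending in ".", or an exact string
    if pattern == "ALL":
        return True
    if pattern.endswith("."):
        return item.startswith(pattern)
    return pattern == item

def list_match(toks, item):
    # "list_1 EXCEPT list_2" matches list_1 unless it matches list_2
    if "EXCEPT" in toks:
        i = toks.index("EXCEPT")
        return list_match(toks[:i], item) and not list_match(toks[i + 1:], item)
    return any(item_match(t, item) for t in toks)

def file_match(text, daemon, addr):
    # True if any "daemon_list : client_list" rule in the file matches
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(":")
        if len(fields) >= 2 and list_match(tokens(fields[0]), daemon) \
                and list_match(tokens(fields[1]), addr):
            return True
    return False

def access(allow, deny, addr, daemon="sshd"):
    # Search order from hosts_access(5): hosts.allow, then hosts.deny, else grant
    if file_match(allow, daemon, addr):
        return "granted by hosts.allow"
    if file_match(deny, daemon, addr):
        return "denied by hosts.deny"
    return "granted by default"

# Rules copied from the question and from the answer above
ALLOW_QUESTION = "sshd: 225.73. , 164.41."
ALLOW_EXCEPT = "sshd: 225.73. , 164.41. EXCEPT 225.73.24.25 , 164.41.45.63"
DENY_QUESTION = "sshd: 225.73.24.25 , 164.41.45.63"

if __name__ == "__main__":
    # 198.51.100.7 is a constructed address outside both ranges
    for addr in ("225.73.24.25", "164.41.45.63", "225.73.1.1", "198.51.100.7"):
        print(addr)
        print("  question:        ", access(ALLOW_QUESTION, DENY_QUESTION, addr))
        print("  EXCEPT:          ", access(ALLOW_EXCEPT, DENY_QUESTION, addr))
        print("  EXCEPT, no deny: ", access(ALLOW_EXCEPT, "", addr))
        print("  EXCEPT, deny ALL:", access(ALLOW_EXCEPT, "sshd: ALL", addr))
```

EXCEPT only stops hosts.allow from matching the two addresses; they are rejected only because hosts.deny still lists them, and with an empty hosts.deny they would be granted by default. Addresses outside both ranges are also granted by default unless hosts.deny contains a catch-all rule.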

Score:-1

225.73. or 164.41. are allowed in except hosts with the IPs 225.73.24.25 or 164.41.45.63. All of these IPs will still be able to log in. Change the filter: sshd: 225.73.24.25 - 164.41.45.63 , 192.168.1.1 , 192.168.100.1 - 192.168.100.255

CP3O
Can you format this answer better? Maybe provide an example, so it's really clear.
I'm afraid I'm voting this answer down as I think it might be misleading.