Join Log in
Score:0
CP3O avatar Server

How do allow a range of IPs in /etc/hosts.allow but deny a single IP within that range in /etc/hosts.deny?

in flag
CP3O

My /etc/hosts.allow file contains:

sshd: 225.73. , 164.41.

My /etc/hosts.deny file contains:

sshd: 225.73.24.25 , 164.41.45.63

The problem I'm facing is that if I try to SSH from 225.73.24.25 or 164.41.45.63 the server is allowing me to SSH in.

The scenario I want is that all IPs in the range 225.73. or 164.41. are allowed in except hosts with the IPs 225.73.24.25 or 164.41.45.63.

I would be grateful if someone could help with this.

972
2 + 3
ssh
gapsf avatar
ng flag
gapsf
Because access rules in hosts.allow are applied first, they take precedence over rules specified in hosts.deny. https://web.mit.edu/rhel-doc/4/RH-DOCS/rhel-rg-en-4/s1-tcpwrappers-access.html Use firewall instead
0
Reply
gapsf avatar
ng flag
gapsf
Try except operator https://www.mankier.com/5/hosts_access#Operators or deny, allow order https://www.mankier.com/5/hosts_options#Access_Control
0
Reply
jabbson avatar
sb flag
jabbson
I was about to say calculate the subnets without one given IP, but EXCEPT appears to be a better way to excluding :)
0
Reply
Score:1
avatar Server
ir flag
TommyPeanuts

You can use the EXCEPT operator in hosts.allow like this:

sshd: 225.73. , 164.41. EXCEPT 225.73.24.25 , 164.41.45.63

See man hosts.allow:

EXCEPT Intended use is of the form: list_1 EXCEPT list_2; this construct matches anything that matches list_1 unless it matches list_2.

+ 0
Score:-1
kiksee avatar Server
sd flag
kiksee

225.73. or 164.41. are allowed in except hosts with the IPs 225.73.24.25 or 164.41.45.63. all of this ips will still able to log in change filter sshd: 225.73.24.25 - 164.41.45.63 , 192.168.1.1 , 192.168.100.1 - 192.168.100.255

+ 2
CP3O avatar
in flag
CP3O
Can you format this answer better? Maybe provide an example, so it's really clear.
0
Reply
ir flag
TommyPeanuts
I'm afraid I'm voting this answer down as I think it might be misleading.
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.