Score:0

Can RHEL8 / Rocky8 allow sshd + imap connections by hostname pattern (like tcp_wrappers)?

We have used tcp_wrappers for many years, which has allowed an extra level of protection by only allowing sshd connections matching a hostname pattern. Simplified example:

# hosts.deny    This file describes the names of the hosts which are *not* allowed to use the local INET services, as decided by the '/usr/sbin/tcpd' server.
sshd:ALL
imap:ALL

# hosts.allow   This file describes the names of the hosts which are allowed to use the local INET services, as decided by the '/usr/sbin/tcpd' server.
#
ALL: LOCAL,127.0.0.1,192.168.0.0/255.255.0.0,123.45.67.0/255.255.255.0,.foobar.com,.region.isp.com

Is it possible to allow access based on hostname patterns with firewalld or some other Rocky 8/9 tool? tcp_wrappers is extremely simple to configure, and very flexible to allow hostname patterns.

sshd_config has a Match parameter; however, it seems that it still allows the connection to open (and warns me of failed login attempts). I would prefer it to appear closed so as not to entice future crawlers.

mangohost
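
How the client list in the hosts.allow line above is evaluated, as an added Python example (not part of the original post, and not tcp_wrappers code): a simplified matcher for the pattern forms that line uses, following hosts_access(5), without the forward-confirmation of names that tcp_wrappers can perform. The function names and any sample clients are assumptions made for illustration.

```python
import ipaddress

# The client list from the question's hosts.allow line.
ALLOW = ("LOCAL,127.0.0.1,192.168.0.0/255.255.0.0,"
         "123.45.67.0/255.255.255.0,.foobar.com,.region.isp.com").split(",")


def needs_dns(pattern):
    """True if the pattern is matched against the client's reverse-DNS name."""
    return pattern == "LOCAL" or pattern.startswith(".")


def matches(pattern, addr, hostname=None):
    """Match one client pattern (subset of hosts_access(5) used above).

    addr is the peer IP; hostname is its reverse-DNS name, or None
    when the lookup returned nothing.
    """
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":                      # a name without any dot
        return hostname is not None and "." not in hostname
    if pattern.startswith("."):                 # domain suffix match
        return (hostname is not None
                and hostname.lower().endswith(pattern.lower()))
    ip = ipaddress.ip_address(addr)
    if "/" in pattern:                          # net/mask form
        return ip in ipaddress.ip_network(pattern, strict=False)
    return ip == ipaddress.ip_address(pattern)  # literal address


def allowed(addr, hostname=None, patterns=ALLOW):
    """True if any pattern in the list admits this client."""
    return any(matches(p, addr, hostname) for p in patterns)


def split_by_layer(patterns=ALLOW):
    """Separate address-only patterns from name-based ones."""
    nets = [p for p in patterns if not needs_dns(p)]
    names = [p for p in patterns if needs_dns(p)]
    return nets, names
```

Only the address patterns can be decided from the peer address alone; the name patterns need a reverse lookup of the peer before a decision can be made.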
