I would strongly strongly recommend you use iptables instead. You've almost certainly got iptables support already compiled into your kernel, so it's just a matter of installing the userspace iptables tool, and configuring it. I'll give you a hand with the config if you want, just email me.

jon

> -----Original Message-----
> From: Josh Koffman [mailto:listsjosh@3MTMP.COM]
> Sent: 12 February 2004 16:33
> To: PICLIST@MITVMA.MIT.EDU
> Subject: [OT:] Linux Host Deny Help
>
>
> Ok, I'm desperate. I've tried everything I know how to try,
> and it's not working. And I can't figure out why.
>
> I am running Debian with a 2.2.19 kernel. I know 2.6 is out,
> but I don't want to upgrade right now. There is going to be a
> major overhaul coming in a month or so, and I don't want to
> waste time upgrading this machine right now.
>
> Here is what I am trying to do. I am attempting to block
> access to my linux box from all addresses starting with
> 141.117.*.* except the few within that range that I specify.
> So, my first thought was hosts.allow and hosts.deny. I added
> the address above (with netmask) to hosts.deny,
> (ALL:141.117.0.0/255.255.0.0), and the address I want to be
> able to access the box (ALL:141.117.*.*) to hosts.allow. Then
> I started testing. The address I want to work worked fine.
> However, I am having issues with the blocked addresses. They
> won't connect to some services (ie the POP
> server) which is perfect, but they still connect to others,
> such as SMTP. I've even tried explicitly denying the IP of
> the machine I'm testing with, and I can still send mail
> through SMTP perfectly. I tried adding (ALL smtp:
> 141.117.0.0/255.255.0.0) or ALL exim:
> 141.117.0.0/255.255.0.0) but neither seem to work.
>
> I just don't understand how I can explicitly deny access, and
> it works for some things but SMTP works great.
>
> HELP!
>
> Thank you
>
> Josh
> --
> A common mistake that people make when trying to design
> something completely foolproof is to underestimate the
> ingenuity of complete fools.
> -Douglas Adams
>
> --
> http://www.piclist.com hint: The list server can filter out
> subtopics (like ads or off topics) for you. See http://www.piclist.com/#topics
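
The policy discussed in this thread (drop everything from 141.117.0.0/16 except a few named hosts), written as iptables rules. This is an added example, not part of the original messages. It assumes a kernel with netfilter (iptables) support; the allowed host addresses and the function names `valid_ipv4` and `emit_rules` are constructed for illustration.

```shell
#!/bin/sh
# Added example: build an ordered iptables rule list for the policy in the
# thread. The allowed hosts passed at the bottom are constructed sample values.

BLOCKED_NET="141.117.0.0/16"
BLOCKED_PREFIX="141.117."

# Succeeds only for a dotted quad with four octets in 0..255.
# Rejecting every other character also keeps shell metacharacters out of
# the generated commands.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the rules in evaluation order. iptables stops at the first matching
# rule, so every ACCEPT exception must come before the DROP for the range.
# All arguments are validated before anything is printed, so a bad address
# never yields a partial rule set.
emit_rules() {
    for host in "$@"; do
        valid_ipv4 "$host" || { echo "bad address: $host" >&2; return 1; }
        case "$host" in
            "$BLOCKED_PREFIX"*) ;;
            *) echo "outside $BLOCKED_NET: $host" >&2; return 1 ;;
        esac
    done
    for host in "$@"; do
        echo "iptables -A INPUT -s $host/32 -j ACCEPT"
    done
    echo "iptables -A INPUT -s $BLOCKED_NET -j DROP"
}

# Review the printed rules first; to apply them, pipe the output to sh as root.
emit_rules 141.117.10.5 141.117.20.9
```

Because the filtering happens in the kernel, these rules apply to every listening service, whether or not the daemon consults hosts.allow and hosts.deny.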