FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 04-26-2012, 09:10 AM
Tuxoholic
 
Default How /etc/hosts.allow /etc/hosts.deny and smb.conf play along

hi list

Can somebody explain why smbd and nmbd are not affected by the following
strict ruleset in /etc/hosts* ?

/etc/hosts
127.0.0.1 MYHOSTNAME localhost.localdomain localhost
127.0.1.1 MYHOSTNAME
192.168.2.10 MYSERVER

cat /etc/hosts.allow
#ALL: localhost 127.0.1.1 192.168.2.0/24
ALL: localhost 127.0.1.1 192.168.2.0/32

/etc/hosts.deny
ALL: ALL

With this ruleset in place nmbd broadcasts still pull through and cifs mounts
are still possible, whereas ssh/rsh access is no longer possible.

To get rid of nmbd/smbd access I have to tweak smb.conf additionally:

/etc/samba/smb.conf

[global]
bind interfaces only = Yes
interfaces = 127.0.0.0/8, eth0
;; hosts allow = 192.168.2.0/24, 127.
hosts allow = 192.168.2.0/32, 127.
hosts deny = ALL

With this smb.conf tweaking it works fine, but why could smbd/nmbd run past
/etc/hosts.allow and /etc/hosts.deny without those lines in smb.conf?

To my limited CIDR understandig a /32 mask should restrict access to
192.168.2.0.0 and 192.168.2.1 - this should be fine for testing purposes.

Once this denies all services I'd set it to /24 to have access to the whole
"subnet" from 192.168.2.0-192.168.2.255 and 127.0.0.1 127.0.1.1


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: BLU0-SMTP149485F83CD3709473EA7D5D8240@phx.gbl">http://lists.debian.org/BLU0-SMTP149485F83CD3709473EA7D5D8240@phx.gbl
 

Thread Tools




All times are GMT. The time now is 09:18 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org