How to edit hosts.deny and hosts.allow?
Solution 1
hosts.deny example:
ALL: 192.168.1.2
ALL: example.org
This denies all service to 192.168.1.2 and example.org. For further information, take a look here: http://linux.about.com/od/commands/l/blcmdl5_hostsde.htm
dnsmasq -d should give you the cached entries but I'm not so sure about that.
---UPDATE---
To block an IP Address with iptables:
iptables -A INPUT -s 11.22.33.44 -j DROP
to unblock:
iptables -D INPUT -s 11.22.33.44 -j DROP
Solution 2
hosts.allow and hosts.deny are deprecated. They are used by TCP Wrappers, host-based access control, http://en.wikipedia.org/wiki/TCP_Wrapper
If you want to block access to a service, you need to find whether that service has been compiled with TCP Wrappers. I highly doubt that Ubuntu services still use TCP Wrappers.
The TCP Wrappers library is found in /lib/libwrap.so.0
If you want to check whether lighttpd (Web server) supports TCP Wrappers, run
> ldd /usr/sbin/lighttpd
linux-vdso.so.1 => (0x00007fff2a5ff000)
libpcre.so.3 => /lib/libpcre.so.3 (0x00007f69af837000)
libdl.so.2 => /lib/libdl.so.2 (0x00007f69af633000)
libattr.so.1 => /lib/libattr.so.1 (0x00007f69af42d000)
libssl.so.0.9.8 => /lib/libssl.so.0.9.8 (0x00007f69af1db000)
libcrypto.so.0.9.8 => /lib/libcrypto.so.0.9.8 (0x00007f69aee4b000)
libfam.so.0 => /usr/lib/libfam.so.0 (0x00007f69aec42000)
libc.so.6 => /lib/libc.so.6 (0x00007f69ae8bf000)
/lib64/ld-linux-x86-64.so.2 (0x00007f69afa90000)
libz.so.1 => /lib/libz.so.1 (0x00007f69ae6a8000)
> _
It does not mention libwrap, so at least this service does not support TCP Wrappers, and will ignore /etc/hosts.{allow, deny}.
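Added example, not part of the original answer: a POSIX shell helper that applies the ldd check described above to any list of service binaries and reports whether each one will consult /etc/hosts.allow and /etc/hosts.deny. The function names and the libwrap-linked sample are constructed here; the first sample reuses lines from the lighttpd output above.

```shell
#!/bin/sh
# Decide from `ldd` output whether a service can be controlled through
# /etc/hosts.allow and /etc/hosts.deny (function names are illustrative).
# Caveats: run ldd only on binaries you trust; a statically linked daemon,
# or one started through tcpd from inetd, is not visible to this check.

# Constructed sample: three lines from the lighttpd output quoted above.
SAMPLE_PLAIN='    libpcre.so.3 => /lib/libpcre.so.3 (0x00007f69af837000)
    libssl.so.0.9.8 => /lib/libssl.so.0.9.8 (0x00007f69af1db000)
    libc.so.6 => /lib/libc.so.6 (0x00007f69ae8bf000)'
# Constructed sample: how a libwrap-linked daemon would look (made-up addresses).
SAMPLE_WRAPPED='    libwrap.so.0 => /lib/libwrap.so.0 (0x00007f0000000000)
    libc.so.6 => /lib/libc.so.6 (0x00007f0000200000)'

# uses_libwrap: read ldd output on stdin, succeed if libwrap is a dependency.
uses_libwrap() {
    grep -Eq '(^|[[:space:]/])libwrap\.so'
}

# verdict NAME: read ldd output on stdin, print one line of findings.
verdict() {
    if uses_libwrap; then
        echo "$1: linked against libwrap, hosts.allow and hosts.deny apply"
    else
        echo "$1: no libwrap, hosts.allow and hosts.deny are ignored"
    fi
}

# audit BINARY...: run the check against real binaries on this machine.
audit() {
    for bin in "$@"; do
        if [ -x "$bin" ]; then
            ldd "$bin" 2>/dev/null | verdict "$bin"
        else
            echo "$bin: not an executable file, skipped"
        fi
    done
}

# With arguments, audit those binaries; without, show the two samples.
if [ "$#" -gt 0 ]; then
    audit "$@"
else
    printf '%s\n' "$SAMPLE_PLAIN" | verdict sample-plain
    printf '%s\n' "$SAMPLE_WRAPPED" | verdict sample-wrapped
fi
```

Saved under a name of your choice, it can be run with the daemon paths as arguments, for example /usr/sbin/lighttpd.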
Solution 3
You want to use a firewall to block access to other sites. I believe ufw is installed by default. The command man ufw should provide information on how to use it. Replace 192.0.2.15 with the address you want to block.
The commands:
sudo ufw enable
sudo ufw deny to 192.0.2.15
luastoned
Updated on September 17, 2022
Comments
-
luastoned over 1 year
I want to block some hosts in Ubuntu, so how could I edit the hosts.deny file to block some hosts like example.com? And one more thing: I have installed dnsmasq in Ubuntu, so can I check the entries of the DNS's cached by dnsmasq? If yes, then how? Thanks in advance.
-
luastoned over 13 years
dnsmasq -d :-> dnsmasq: failed to create listening socket: Address already in use
-
luastoned over 13 years
And I have done ALL: 78.159.111.140 in the hosts.deny file. But still this page is getting loaded in my browser.
-
Appak over 13 years
Hosts.deny blocks those IPs accessing services on your computer, but you are accessing their server. You could use iptables or edit your /etc/hosts like this: 127.0.0.1 78.159.111.140
-
luastoned over 13 years
Then how to block my computer's user from accessing that server?
-
luastoned over 13 years
Hey, can you please explain a bit more how to do that?
-
Appak over 13 years
I updated my answer. Btw, maybe you have to stop dnsmasq first before running dnsmasq -d.
-
zaius over 12 years
If TCP Wrappers are deprecated, what's the replacement?