Tom's Hardware > Forum > General Networking > General Gateways, Routers and Firewalls > Linux/untangle newb question: country blocking, hosts.deny vs iptables

Linux/untangle newb question: country blocking, hosts.deny vs iptables

Forum General Networking : General Gateways, Routers and Firewalls - Linux/untangle newb question: country blocking, hosts.deny vs iptables

Tom's Hardware: Over 1.4 million members in 6 different countries available to answer all your high-tech questions. Sign up now! Its free!
Ask the community Add a reply
Word :    Username :           
 
Anonymous   08-21-2009 at 04:01:25 PM

I'd like to use lists of networks to block all countries outside of mine on my firewall box. We don't need access to other places at work and it would look good in a security audit. I found a site that publishes lists to add. So I have a few newb linux questions..

1. Where is the best place to add this, a hosts.deny file? Does it work like a windows hosts file in linux where no traffic is allowed? I read something about it only applies to tcpwrappers and I don't know if our apache build, mysql, webmin uses tcpwrappers. Our webserver is fedora/apache/mysql and rails

2. how would you add that to iptables, and would it slow the machine down a lot? Its a dual athlon 64 4400. Usually have 2-4 concurrent users.

3. On my firewall box which is untangle, can you edit the hosts.allow and hosts.deny files without screwing up Untangle?

and the bonus question - anyone use ossec or something similar? Any suggestions on a favorite? I like the central console idea of ossec.

Add a reply
Sponsored Links
Register or log in to remove.
peterkuykendall   09-20-2009 at 08:59:39 AM
- 0 +

It turns out you can easily block whole countries and domains in hosts.deny. So I'm now blocking all countries except the US, plus some other specific domains. Combined with denyhosts (Python script that looks for bad SSH login requests in /var/log/messages and shares attackers in a global database), it has cut my incoming SSH attacks from dozens per day to essentially zero.

I can't switch ports because at work they only let me out on port 22.

I have a very simple hosts.allow file, just 2 entries. This ensures that I can always get in via my employer's VPN, which gives me the same outside IP all the time.

#
# hosts.allow This file contains access rules which are used to
# allow or deny connections to network services that
# either use the tcp_wrappers library or that have been
# started through a tcp_wrappers-enabled xinetd.
#
# See 'man 5 hosts_access' and 'man 5 hosts_options'
# for information on rule syntax.
# See 'man tcpd' for information on tcp_wrappers.
#

ALL: 192.168.1.0/24 # Local network
ALL: a.b.c.d # My employer's VPN


#
# hosts.deny This file describes the names of the hosts which are
# *not* allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow. In particular
# you should know that NFS uses portmap!

ALL: UNKNOWN

ALL: chinamobile.com

ALL: .edu #Educational institutions (e.g. colleges)

ALL: .ac
ALL: .ad
ALL: .ae
ALL: .af
ALL: .ag
ALL: .ai
ALL: .al
ALL: .am
ALL: .an
ALL: .ao
ALL: .aq
ALL: .ar
ALL: .as
ALL: .at
ALL: .au
ALL: .aw
ALL: .az
ALL: .ax
ALL: .ba
ALL: .bb
ALL: .bd
ALL: .be
ALL: .bf
ALL: .bg
ALL: .bh
ALL: .bi
ALL: .bj
ALL: .bm
ALL: .bn
ALL: .bo
ALL: .br
ALL: .bs
ALL: .bt
ALL: .bv
ALL: .bw
ALL: .by
ALL: .bz
ALL: .ca
ALL: .cc
ALL: .cd
ALL: .cf
ALL: .cg
ALL: .ch
ALL: .ci
ALL: .ck
ALL: .cl
ALL: .cm
ALL: .cn
ALL: .co
ALL: .cr
ALL: .cs
ALL: .cu
ALL: .cv
ALL: .cx
ALL: .cy
ALL: .cz
ALL: .de
ALL: .dj
ALL: .dk
ALL: .dm
ALL: .do
ALL: .dz
ALL: .ec
ALL: .ee
ALL: .eg
ALL: .eh
ALL: .er
ALL: .es
ALL: .et
ALL: .eu
ALL: .fi
ALL: .fj
ALL: .fk
ALL: .fm
ALL: .fo
ALL: .fr
ALL: .ga
ALL: .gb
ALL: .gd
ALL: .ge
ALL: .gf
ALL: .gg
ALL: .gh
ALL: .gi
ALL: .gl
ALL: .gm
ALL: .gn
ALL: .gp
ALL: .gq
ALL: .gr
ALL: .gs
ALL: .gt
ALL: .gu
ALL: .gw
ALL: .gy
ALL: .hk
ALL: .hm
ALL: .hn
ALL: .hr
ALL: .ht
ALL: .hu
ALL: .id
ALL: .ie
ALL: .il
ALL: .im
ALL: .in
ALL: .io
ALL: .iq
ALL: .ir
ALL: .is
ALL: .it
ALL: .je
ALL: .jm
ALL: .jo
ALL: .jp
ALL: .ke
ALL: .kg
ALL: .kh
ALL: .ki
ALL: .km
ALL: .kn
ALL: .kp
ALL: .kr
ALL: .kw
ALL: .ky
ALL: .kz
ALL: .la
ALL: .lb
ALL: .lc
ALL: .li
ALL: .lk
ALL: .lr
ALL: .ls
ALL: .lt
ALL: .lu
ALL: .lv
ALL: .ly
ALL: .ma
ALL: .mc
ALL: .md
ALL: .mg
ALL: .mh
ALL: .mk
ALL: .ml
ALL: .mm
ALL: .mn
ALL: .mo
ALL: .mp
ALL: .mq
ALL: .mr
ALL: .ms
ALL: .mt
ALL: .mu
ALL: .mv
ALL: .mw
ALL: .mx
ALL: .my
ALL: .mz
ALL: .na
ALL: .nc
ALL: .ne
ALL: .nf
ALL: .ng
ALL: .ni
ALL: .nl
ALL: .no
ALL: .np
ALL: .nr
ALL: .nu
ALL: .nz
ALL: .om
ALL: .pa
ALL: .pe
ALL: .pf
ALL: .pg
ALL: .ph
ALL: .pk
ALL: .pl
ALL: .pm
ALL: .pn
ALL: .pr
ALL: .ps
ALL: .pt
ALL: .pw
ALL: .py
ALL: .qa
ALL: .re
ALL: .ro
ALL: .ru
ALL: .rw
ALL: .sa
ALL: .sb
ALL: .sc
ALL: .sd
ALL: .se
ALL: .sg
ALL: .sh
ALL: .si
ALL: .sj
ALL: .sk
ALL: .sl
ALL: .sm
ALL: .sn
ALL: .so
ALL: .sr
ALL: .st
ALL: .sv
ALL: .sy
ALL: .sz
ALL: .tc
ALL: .td
ALL: .tf
ALL: .tg
ALL: .th
ALL: .tj
ALL: .tk
ALL: .tl
ALL: .tm
ALL: .tn
ALL: .to
ALL: .tp
ALL: .tr
ALL: .tt
ALL: .tv
ALL: .tw
ALL: .tz
ALL: .ua
ALL: .ug
ALL: .uk
ALL: .um
#ALL: .us
ALL: .uy
ALL: .uz
ALL: .va
ALL: .vc
ALL: .ve
ALL: .vg
ALL: .vi
ALL: .vn
ALL: .vu
ALL: .wf
ALL: .ws
ALL: .ye
ALL: .yt
ALL: .yu
ALL: .za
ALL: .zm
ALL: .zw

Reply to peterkuykendall
Ask the community Add a reply
Tom's Hardware > Forum > General Networking > General Gateways, Routers and Firewalls > Linux/untangle newb question: country blocking, hosts.deny vs iptables
Go to:

There are 527 identified and unidentified users. To see the list of identified users, Click here.

Forum map
Bestofmedia Forum ©
2000-2009 Bestofmedia Group
Page generated in 0.326 seconds
Sponsored links
  • Ask the community now
  • Publish
Ad
They won a badge
Join us in greeting them