PLUG-discuss Digest, Vol 61, Issue 28
Ed
plug at 0x1b.com
Thu Jul 29 02:20:48 MST 2010
On Wed, Jul 28, 2010 at 12:15 PM, gm5729 <gm5729 at gmail.com> wrote:
>>
>> it is a good idea to put yourself in hosts.allow before adding
>> anything to hosts.deny.
>>
> That is what /etc/hosts is for if IIRC. I have a domain name I could
> put it in there, but most of the time I just see a digitized IP
> address that is dynamic.
/etc/hosts is for name lookup before DNS gets running.
hosts.allow and hosts.deny perform an ACL function and have a
different file format - see the man page. or your file bellow
you want to witelist yourself (machine/range you work from) in
hosts.allow so you don't lock yourself out of your remote server - and
don't have to walk down the hall and root around in the closet.. ;)
>
> You asked about countries.
> The link you gave was for email. I am not talking about email. I am
> talking about literally blocking whole countries from access. Here is
> my /etc/hosts.deny
>
> #
> # /etc/hosts.deny
> #
>
> ALL:.cn,.eg,.iq,.ir,.jo,.kp,.ly,.sa,.sd,.su,.sy,.za
> ###
>
>
ok , but if you do it that way, a DNS lookup is required by each
contact. That would be too slow for a router, better to use IP blocks
as assigned by IANA & crew.
More information about the PLUG-discuss
mailing list