/etc/hosts.deny ignored in Ubuntu 14.04

Posted by Matt on Server Fault See other posts from Server Fault or by Matt
Published on 2014-08-12T00:46:44Z Indexed on 2014/08/22 10:22 UTC
Read the original article Hit count: 294

Filed under:

linux-networking

|

ubuntu-14.04

|

ip-blocking

|

network-security

|

hosts.deny

I have Apache2 running on Ubuntu 14.04LTS. To begin securing network access to the machine, I want to start by blocking everything, then make specific allow statements for specific subnets to browse to sites hosted in Apache.

The Ubuntu Server is installed with no packages selected during install, the only packages added after install are: apt-get update; apt-get install apache2, php5 (with additional php5-modules), openssh-server, mysql-client

Following are my /etc/hosts.deny & /etc/hosts.allow settings:

/etc/hosts.deny
```
ALL:ALL
```
/etc/hosts.allow has no allow entries at all.

I would expect all network protocols to be denied. The symptom is that I can still web browse to sites hosted on the Apache web server even though there is a deny all statement in /etc/hosts.deny

The system was rebooted after the deny entry was added.

Why would /etc/hosts.deny with ALL:ALL be ignored and allow http browsing to sites hosted on the apache web server?

© Server Fault or respective owner

Related posts about linux-networking

Tutorial: 7 Useful Linux Networking Commands

as seen on Internet.com - Search for 'Internet.com'
Eric Geier introduces us to to seven powerful commands for troubleshooting and configuring Linux networking, both wired and wireless. >>> More
Linux networking "jail" for a single process

as seen on Server Fault - Search for 'Server Fault'
I need to tune up a networking app for network specific things like: make it use a DNS server different than the default one from /etc/resolv.conf make sure it does not try to connect to certain hosts/ports using tcp/udp connections I know I can get away with just modifying /etc/resolv.conf and… >>> More
What do "Unknown SSAP" and "Unknown DSAP" mean in tcpdump?

as seen on Server Fault - Search for 'Server Fault'
While trying to fix a problem with intermittently losing internet connection on a machine with a wireless connection to a router, I ran tcpdump and noticed packets with "Unknown SSAP" and "Unknown DSAP" errors coming at a rate of a few per second. 20:27:21.703178 00:24:a5:af:24:f6 (oui Unknown) Unknown… >>> More
Dual NIC Networking CentOS 5.3 (losing connection)

as seen on Server Fault - Search for 'Server Fault'
I have a CentOS System with two NICs on it. One is Ethernet the other is Wireless. The Ethernet has an address of 192.168.1.110 and is tied to a LAN. (The LAN provides DHCP and DNS for its domain of 192.168.1.*) The Wireless card should have an address of 131.238.. and is tied to the WAN. For… >>> More
Linux e1000e (Intel networking driver) problems galore, where do I start?

as seen on Server Fault - Search for 'Server Fault'
I'm currently having a major problem with e1000e (not working at all) in Ubuntu Maverick (1.0.2-k4), after resume I'm getting a lot of stuff in dmesg: [ 9085.820197] e1000e 0000:02:00.0: PCI INT A disabled [ 9089.907756] e1000e: Intel(R) PRO/1000 Network Driver - 1.0.2-k4 [ 9089.907762] e1000e: Copyright… >>> More

Related posts about ubuntu-14.04

Why Ubuntu Server asks to insert a CD-ROM when installed from PXE?

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I set up a PXE server which hosts both Ubuntu Desktop and Ubuntu Server. Ubuntu Desktop is installed successfully from PXE. Ubuntu Server seems to successfully load vmlinuz and initrd.gz, asks for the language, then the location, then the keyboard layout, and finally complains that it can't mount… >>> More
vi issue in SSH TTYs to Ubuntu 14.04.1 LTS

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
After upgrading my server to Ubuntu 14.04.1 LTS, I can no longer use the vi editor to edit anything in an SSH terminal (I access the server by launching ssh sessions from Cygwin running on Windows). The empty portions of the vi window fill with garbage. The workaround is to launch an xterm from the… >>> More
Ubuntu 14.04:LTS , HPLIP loses USB connection to HP laserjet

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
This is my first post, so please let me know if i have inadvertanly broken any rules. Problem There seems to be a problem with HPLIP and USB connections in ubuntu 14.04LTS. After upgrading i managed to get the printing to work but today it has broken. Initial Issue (Solved) After upgrading to… >>> More
Ubuntu 14.04.1 will not load - stops in tty1

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I was following some "guides" on how to clean my system and have cleaned it so well that it doesn't work anymore. Example: in synaptic, I completely removed all packages in "Not installed: residual configuration" and a ton of other packages I "don't need". I know this has probably been asked a trillion… >>> More
Need help with download/installation Ubuntu 14.04.1 [duplicate]

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
This question already has an answer here: How to install with Wubi when it says “Could not retrieve the required disk image files”? 2 answers I have downloaded Ubuntu… >>> More