- TCPWrapper hosts.allow file - correct syntax for I...
07-30-2004 02:35 AM
I need to add a range of IPs to my hosts.allow file and I need the correct syntax. What I have now is (example only) 194.2.55.:80-105
Should it be 194.2.55.80-105: ?
Thanks in advance!
07-30-2004 03:24 AM
Re: TCPWrapper hosts.allow file - correct syntax for IP Range
sshd: 1.2.3.4,1.2.3.5,1.2.3.6
I tried:
sshd: 1.2.3.4-6
sshd: 1.2.3.4,5,6
sshd: 1.2.3.[4-6]
And none of them worked. Only fully stating all addresses and separating with commas worked for me.
Not what you wanted to hear, I'm sure.
07-30-2004 04:13 AM
Re: TCPWrapper hosts.allow file - correct syntax for IP Range
True, true - not what I wanted to hear. 8-(
Nuts! I didn't really want to enter 35 separate addresses.
07-30-2004 04:20 AM
Re: TCPWrapper hosts.allow file - correct syntax for IP Range
07-30-2004 04:25 AM
Re: TCPWrapper hosts.allow file - correct syntax for IP Range
Tried - see?
# man 5 hosts_access
No entry for hosts_access in section 5 of the manual.
Guess I'm not a "TRUE" admin
07-30-2004 05:00 AM
Solution
Here is an excerpt of the relevant section:
PATTERNS
The access control language implements the following patterns:
+ A string that begins with a `.' character. A host name is matched
if the last components of its name match the specified pattern.
For example, the pattern `.tue.nl' matches the host name
`wzv.win.tue.nl'.
+ A string that ends with a `.' character. A host address is
matched if its first numeric fields match the given string. For
example, the pattern `131.155.' matches the address of (almost)
every host on the Eindhoven University network (131.155.x.x).
+ A string that begins with an `@' character is treated as an NIS
(formerly YP) netgroup name. A host name is matched if it is a
host member of the specified netgroup. Netgroup matches are not
supported for daemon process names or for client user names.
+ An expression of the form `n.n.n.n/m.m.m.m' is interpreted as a
`net/mask' pair. A host address is matched if `net' is equal to
the bitwise AND of the address and the `mask'. For example, the
net/mask pattern `131.155.72.0/255.255.254.0' matches every
address in the range `131.155.72.0' through `131.155.73.255'.
----------------------------------------
Here is how I would generate your range of addresses:
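#!/usr/bin/sh
# Print one hosts.allow line listing every address from A to STOP.
typeset -i10 A=85        # first value of the last octet
typeset -i10 STOP=105    # last value of the last octet
BASEIP="194.2.55."
COMMAND="sshd"
# First address goes right after the daemon name; \c suppresses the newline.
echo "${COMMAND}: ${BASEIP}${A}\c"
((A += 1))
# Remaining addresses are appended with a leading comma.
while [[ ${A} -le ${STOP} ]]
do
    echo ",${BASEIP}${A}\c"
    ((A += 1))
done
# Terminate the line.
echo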
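The `net/mask` pattern in the man page excerpt above can cover a range with far fewer entries than one address per host. The script below is an added example, not part of the original post: it splits an inclusive range into the smallest set of aligned `n.n.n.n/m.m.m.m` patterns. The function names are made up for illustration, and it assumes a shell with 64-bit arithmetic.

```shell
#!/bin/sh
# Added example: cover an inclusive IPv4 range with the fewest net/mask
# patterns (n.n.n.n/m.m.m.m) accepted by hosts_access(5).
# Assumes the shell does 64-bit arithmetic (masks exceed 2^31).

ip2int() {   # dotted quad -> 32-bit integer
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int2ip() {   # 32-bit integer -> dotted quad
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

range_to_netmasks() {   # usage: range_to_netmasks FIRST_IP LAST_IP
    cur=$(ip2int "$1")
    end=$(ip2int "$2")
    while [ "$cur" -le "$end" ]; do
        size=1
        # Double the block while it stays aligned on cur and inside the range.
        while [ $(( cur % (size * 2) )) -eq 0 ] &&
              [ $(( cur + size * 2 - 1 )) -le "$end" ]; do
            size=$(( size * 2 ))
        done
        mask=$(( 4294967295 ^ (size - 1) ))   # all ones with the host bits cleared
        echo "$(int2ip "$cur")/$(int2ip "$mask")"
        cur=$(( cur + size ))
    done
}

hosts_allow_line() {   # usage: hosts_allow_line DAEMON FIRST_IP LAST_IP
    echo "$1: $(range_to_netmasks "$2" "$3" | paste -s -d , -)"
}

# Constructed sample: the range from the question (194.2.55.80-105).
hosts_allow_line sshd 194.2.55.80 194.2.55.105
```

For the range in the question this yields three patterns (80-95, 96-103 and 104-105) instead of 26 separate addresses.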
07-30-2004 05:13 AM
Re: TCPWrapper hosts.allow file - correct syntax for IP Range
You're right. The man pages for TCPWrappers were not in the /etc/MANPATH - I think because we install this program in /usr/local and we don't include that path for root. Thank you for the excerpt from the man pages. The script will be useful to have regardless of what I need to do.
Points on the way.
07-30-2004 06:23 AM
Re: TCPWrapper hosts.allow file - correct syntax for IP Range
http://ezine.daemonnews.org/200206/hosts_allow.html
07-30-2004 07:02 AM
Re: TCPWrapper hosts.allow file - correct syntax for IP Range
STYLE = -DPROCESS_OPTIONS Makefile (actually uncomment the line) entry and then you have the extended options. This is actually my approach to tcp_wrappers.
Since we are now in the realm of extended hosts.allow syntax there is a way to do what you want:
Create an entry that looks like this:
remsh : ALL : twist /mydir/myfile.sh %a && exec /usr/lbin/remshd -l
Note that we let any remote host in but we first execute /mydir/myfile.sh. %a is the client's IP address and only if it exits with a zero status (because of the &&) does it then exec remshd. Your IP ranges are then controlled within /mydir/myfile.sh and it can also process other arguments that you choose to supply like username (%u). The 'twist' argument allows you to apply very powerful rules.
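A sketch of what the range check inside /mydir/myfile.sh could look like, as an added example that is not part of the original post. The range values, variable names and the `ip_allowed` function are assumptions made for illustration; the script takes the `%a` expansion as its only argument and fails closed on anything that is not a plain dotted quad.

```shell
#!/bin/sh
# Added example of a range-check helper for the 'twist' rule above.
# Hypothetical policy (constructed): allow 194.2.55.80 through 194.2.55.105.
ALLOW_PREFIX="194.2.55."
ALLOW_FIRST=80
ALLOW_LAST=105

ip_allowed() {   # returns 0 if $1 is inside the allowed range, 1 otherwise
    addr=$1
    # Fail closed on anything that is not a plain dotted quad
    # (empty, "unknown", host names, IPv6, stray characters).
    case $addr in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*) return 1 ;; esac          # no leading zeros
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    [ "$1.$2.$3." = "$ALLOW_PREFIX" ] || return 1
    [ "$4" -ge "$ALLOW_FIRST" ] && [ "$4" -le "$ALLOW_LAST" ]
}

# When run as the helper (one argument, the %a expansion): exit 0 lets the
# '&& exec ...' part of the rule run, any other status stops it.
if [ "$#" -eq 1 ]; then
    if ip_allowed "$1"; then
        exit 0
    fi
    logger -p auth.notice "tcpd helper: refused connection from $1"
    exit 1
fi
```

Keep the helper owned by root and not writable by anyone else, since tcpd runs it for every incoming connection to the service.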
08-02-2004 02:21 AM