Did you know there’s a very easy way to block or allow IP addresses in Linux using two simple files? Those files are hosts.allow and hosts.deny, and they let you block or allow IP addresses on the fly without having to deal with more complicated firewall rules.
With this ability, you could quickly block a suspicious IP address to avoid possible malicious activity; or, you could limit, say, SSH connections to only specific addresses so you don’t have to worry about third parties gaining access to your servers or desktops. Let me show you how it’s done by demonstrating SSH access to a machine. The only things you’ll need for this are a running instance of Linux and a user with sudo privileges.
Log in to your Linux machine and open a terminal window. The first thing we’re going to do is deny all access to the SSH daemon. Open hosts.deny with the command sudo nano /etc/hosts.deny. At the bottom of that file, add sshd: ALL. Save and close the file.
Next, open hosts.allow with the command sudo nano /etc/hosts.allow. Let’s say you want to enable SSH access to only two machines on your network, which are at IP addresses 192.168.1.62 and 192.168.1.152; for that, at the bottom of the file, add the line sshd: 192.168.1.62, 192.168.1.152. Save and close the file.
At this point, the only two machines that are able to access your desktop or server via SSH are those two. Keep in mind that hosts.deny is read before hosts.allow, so having sshd: ALL set in hosts.deny is only overridden if there’s an entry in hosts.allow. If you configure hosts.deny with sshd: ALL and don’t add a corresponding entry in hosts.allow, no one will be allowed access, via SSH, to the machine.
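To see how the two files combine, here is an added example (not part of the original article) that models the decision rule documented in hosts_access(5): a match in hosts.allow grants access, otherwise a match in hosts.deny denies it, otherwise access is granted. The function names are hypothetical, and only the simple rule forms used above are modelled.

```python
# Added example: simplified model of the hosts.allow / hosts.deny decision.
# Assumption: only "daemon_list: client_list" rules with ALL, exact IPv4
# addresses and prefixes ending in "." are modelled (no options, no IPv6).

def parse_rules(text):
    """Return a list of (daemons, clients) tuples from a rules file."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        fields = line.split(":")
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        rules.append((daemons, clients))
    return rules

def client_matches(clients, ip):
    """ALL, an exact address, or a prefix such as '192.168.1.'."""
    return any(c == "ALL" or c == ip or (c.endswith(".") and ip.startswith(c))
               for c in clients)

def decide(allow_text, deny_text, daemon, ip):
    """First match wins: hosts.allow grants, then hosts.deny denies."""
    for verdict, text in (("allow", allow_text), ("deny", deny_text)):
        for daemons, clients in parse_rules(text):
            if ("ALL" in daemons or daemon in daemons) and client_matches(clients, ip):
                return verdict
    return "allow"  # nothing matched in either file: access is granted

# The two files as configured in the article.
HOSTS_DENY = "sshd: ALL\n"
HOSTS_ALLOW = "sshd: 192.168.1.62, 192.168.1.152\n"

if __name__ == "__main__":
    for ip in ("192.168.1.62", "192.168.1.152", "192.168.1.100"):
        print(ip, "->", decide(HOSTS_ALLOW, HOSTS_DENY, "sshd", ip))
    # Constructed failure cases: a misspelled daemon name matches nothing,
    # and empty files leave the service open.
    print("typo:", decide("", "ssdh: ALL\n", "sshd", "203.0.113.7"))
    print("empty:", decide("", "", "sshd", "203.0.113.7"))
```

These files are only consulted by services built against the TCP Wrappers library (libwrap); running ldd /usr/sbin/sshd | grep libwrap shows whether your sshd is one of them (the path is an assumption and varies by distribution).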
And that’s all there is to using hosts.deny and hosts.allow to add another layer of security to your Linux machines.