How to edit hosts.deny and hosts.allow?
I want to block some hosts in Ubuntu, so how could I edit the hosts.deny file to block some hosts like example.com?
And one more thing: I have installed dnsmasq in Ubuntu, so can I check the DNS entries cached by dnsmasq? If yes, then how?
Thanks in advance.
hosts.deny example:
ALL: 192.168.1.2
ALL: example.org
This denies all service to 192.168.1.2 and example.org. For further information, take a look here: http://linux.about.com/od/commands/l/blcmdl5_hostsde.htm
dnsmasq -d should give you the cached entries but I'm not so sure about that.
---UPDATE---
To block an IP Address with iptables:
iptables -A INPUT -s 11.22.33.44 -j DROP
To unblock:
iptables -D INPUT -s 11.22.33.44 -j DROP
hosts.allow and hosts.deny are deprecated. They are used by TCP Wrappers (host-based access control): http://en.wikipedia.org/wiki/TCP_Wrapper
If you want to block access to a service, you need to find whether that service has been compiled with TCP Wrappers. I highly doubt that Ubuntu services still use TCP Wrappers.
The TCP Wrappers library is found in /lib/libwrap.so.0
If you want to check whether lighttpd (web server) supports TCP Wrappers, run
> ldd /usr/sbin/lighttpd
linux-vdso.so.1 => (0x00007fff2a5ff000)
libpcre.so.3 => /lib/libpcre.so.3 (0x00007f69af837000)
libdl.so.2 => /lib/libdl.so.2 (0x00007f69af633000)
libattr.so.1 => /lib/libattr.so.1 (0x00007f69af42d000)
libssl.so.0.9.8 => /lib/libssl.so.0.9.8 (0x00007f69af1db000)
libcrypto.so.0.9.8 => /lib/libcrypto.so.0.9.8 (0x00007f69aee4b000)
libfam.so.0 => /usr/lib/libfam.so.0 (0x00007f69aec42000)
libc.so.6 => /lib/libc.so.6 (0x00007f69ae8bf000)
/lib64/ld-linux-x86-64.so.2 (0x00007f69afa90000)
libz.so.1 => /lib/libz.so.1 (0x00007f69ae6a8000)
> _
It does not mention libwrap, so at least this service does not support TCP Wrappers, and will ignore /etc/hosts.{allow, deny}.
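The libwrap check described in the answer above, as an added shell example that is not part of the original answer. The function names and the sample ldd listings are hypothetical and constructed for illustration; the match is anchored on the library name so that a look-alike such as libwrapper.so is not mistaken for TCP Wrappers.

```shell
#!/bin/sh
# Constructed samples (not captured from a real system).
LDD_PLAIN='libpcre.so.3 => /lib/libpcre.so.3 (0x00007f69af837000)
libc.so.6 => /lib/libc.so.6 (0x00007f69ae8bf000)'
LDD_WRAPPED='libwrap.so.0 => /lib/libwrap.so.0 (0x00007f0000001000)
libc.so.6 => /lib/libc.so.6 (0x00007f0000200000)'
# A similarly named library that must NOT count as TCP Wrappers.
LDD_LOOKALIKE='libwrapper.so.1 => /usr/lib/libwrapper.so.1 (0x00007f0000300000)'

# uses_libwrap: read ldd output on stdin; exit 0 only if libwrap.so[.N] is listed.
uses_libwrap() {
    awk '$1 ~ /^libwrap\.so(\.[0-9.]*)?$/ { found = 1 } END { exit !found }'
}

# wrappers_verdict: print whether hosts.allow/hosts.deny would be consulted
# by a binary whose ldd output arrives on stdin.
wrappers_verdict() {
    if uses_libwrap; then
        echo "honoured"
    else
        echo "ignored"
    fi
}

# check_binary PATH: run ldd on an installed binary and print the verdict.
# Only point this at binaries you trust: ldd can execute code from the
# file it inspects.
check_binary() {
    if [ ! -f "$1" ]; then
        echo "$1: no such file" >&2
        return 2
    fi
    echo "$1: hosts.allow/hosts.deny $(ldd "$1" 2>/dev/null | wrappers_verdict)"
}

# Usage: sh check_libwrap.sh /usr/sbin/lighttpd /usr/sbin/sshd
for bin in "$@"; do
    check_binary "$bin" || true
done
```

A service started from inetd through the tcpd wrapper program is still subject to hosts.allow and hosts.deny even though its own binary does not link libwrap, so an "ignored" verdict only covers the binary itself.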
You want to use a firewall to block access to other sites. I believe ufw is installed by default. The command man ufw should provide information on how to use it. Replace 192.0.2.15 with the address you want to block.
The commands
sudo ufw enable
sudo ufw deny to 192.0.2.15