A simple solution is to add an in.ftpd entry to your /etc/hosts.allow and
hosts.deny, but that wouldn't make it secure for IP-spoofing. The better way
would be to use IPchains. the -i options allows you to specify an interface.
ipchains -P input DENY
ipchains -A input -i eth0 -s 10.0.0.0/24 -j ACCEPT
The above example says:
DENY everything, but
ACCEPT all traffic coming from eth0 with source-address 10.0.0.0 to
This is just a basic example. Extend it with -p ftp and -p ftp-data and all
the other options you want.
Have a look at: http://metalab.unc.edu/mdw/HOWTO/IPCHAINS-HOWTO.html
From: Daniel Zeaiter [mailto:email@example.com]
Sent: maandag 31 januari 2000 9:15
Subject: Blocking FTP to external-network users
I have an FTP server setup on my RH6.1 K2.2.14 machine, but I wish to
only allow computers on my local network (192.168.1.0) to access it. How
is this possible? I figured maybe using IP Chains, but can you use that
to block individual ports?
Thanks in advance!
Daniel Zeaiter E-Mail: firstname.lastname@example.org Phone: 0408 242 500 ICQ: 16889511 Website: homepages.ihug.com.au/~mdzeater - To unsubscribe from this list: send the line "unsubscribe linux-net" in the body of a message to email@example.com - To unsubscribe from this list: send the line "unsubscribe linux-net" in the body of a message to firstname.lastname@example.org
This archive was generated by hypermail 2b29 : Mon Jan 31 2000 - 21:00:34 EST