
ITS UNIX Systems

Editing hosts.allow and hosts.deny Files

To restrict access to your Unix or Linux machine, you must modify the /etc/hosts.allow and /etc/hosts.deny files. These files are used by the tcpd (TCP wrapper) and sshd programs to decide whether or not to accept a connection coming in from another IP address. ITS recommends that, to start with, you restrict access to only those network addresses you are certain should be allowed access. The following two example files allow connections from any address in the virginia.edu network domain, but no others.

/etc/hosts.allow

ITS recommends using the configuration shown in the following /etc/hosts.allow file to permit connections to any services protected by tcpd or sshd only from systems within the virginia.edu domain:

      #
      # hosts.allow   This file describes the names of the hosts which are
      #               allowed to use the local INET services, as decided
      #               by the '/usr/sbin/tcpd' server.
      #
      # Only allow connections within the virginia.edu domain.

      ALL: .virginia.edu

/etc/hosts.deny

Following is ITS's suggested /etc/hosts.deny file content. With this configuration, access to your machine from all hosts is denied, except for those specified in hosts.allow.

      #
      # hosts.deny    This file describes the names of the hosts which are
      #               *not* allowed to use the local INET services, as decided
      #               by the '/usr/sbin/tcpd' server.
      #
      # deny all by default, only allowing hosts or domains listed in hosts.allow.
 
      ALL: ALL
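
How the two files combine can be checked with a small model of the TCP Wrappers decision order (hosts.allow first, then hosts.deny, otherwise access is granted). This is an added example, not ITS's or tcpd's own code; it assumes the client hostname is already resolved, handles only the ALL wildcard, exact names and leading-dot domain patterns, and the hostnames in it are constructed.

```python
# Added example: simplified model of how tcpd evaluates the two files above.
# Not supported here: EXCEPT, netmasks, line continuations, shell commands.

HOSTS_ALLOW = """\
# Only allow connections within the virginia.edu domain.
ALL: .virginia.edu
"""
HOSTS_DENY = """\
# deny all by default, only allowing hosts or domains listed in hosts.allow.
ALL: ALL
"""

def parse_rules(text):
    """Return a list of (daemon_patterns, client_patterns) tuples."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue  # malformed line, ignored in this model
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        rules.append((daemons, clients))
    return rules

def token_matches(pattern, value):
    p, v = pattern.lower(), value.lower()
    if p == "all":
        return True
    if p.startswith("."):       # ".virginia.edu" matches names ending in it
        return v.endswith(p)
    return p == v

def any_rule_matches(rules, daemon, client):
    return any(
        any(token_matches(d, daemon) for d in daemons)
        and any(token_matches(c, client) for c in clients)
        for daemons, clients in rules
    )

def decide(daemon, client, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """Return 'allow' or 'deny' for a (daemon, client hostname) pair."""
    if any_rule_matches(parse_rules(allow_text), daemon, client):
        return "allow"          # a match in hosts.allow grants access
    if any_rule_matches(parse_rules(deny_text), daemon, client):
        return "deny"           # otherwise a match in hosts.deny refuses it
    return "allow"              # no match in either file: access is granted
```

Calling `decide("sshd", "host.example.com", deny_text="")` shows why the `ALL: ALL` line matters: with an empty hosts.deny, hosts outside virginia.edu are allowed. On a real system, `tcpdmatch sshd <hostname>` reports the decision made from the installed files.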

Page Updated: 2012-02-16


University of Virginia
Information Technology Services