Deny SSH and Record Activity using TCP Wrapper

Deny SSH and Record Activity using TCP Wrapper



We first need to understand how rules are read from /etc/hosts.allow and /etc/hosts.deny files.

Inbound packets to tpcd, the Linux TCP daemon, are filtered through the rules in /etc/hosts.allow first, and then, if there are no matches, they are checked against the rules in /etc/hosts.deny.

It’s important to note this order, because if you have contradictory rules in each file you should be aware that the rule in /etc/hosts.allow will always be implemented, as the first match is found there. This ceases the filtering, and the incoming packets are never checked against /etc/hosts.deny. If a matching rule is not found in either file, access is granted.

Read complete story …