Using Commands in the ftphosts File to Allow or Deny FTP Server Connection

Using Commands in the ftphosts File to Allow or Deny FTP Server Connection

The purpose of the ftphosts file is to allow or deny specific users or addresses from connecting to the FTP server. The format of the file is the word allow or deny, optionally followed by a username, followed by an IP or a DNS address.

allow username address deny username address

Listing 24.4 shows a sample configuration of this file.

Listing 24.4. ftphosts Configuration File for Allowing or Denying Users

# Example host access file # # Everything after a '#' is treated as comment, # empty lines are ignored allow tdc 128.0.0.1 allow tdc 192.168.101.* allow tdc insanepenguin.net allow tdc *.exodous.net deny anonymous 201.* deny anonymous *.pilot.net

The * is a wildcard that matches any combination of that address. For example, allow tdc *.exodous.net allows the user tdc to log in to the FTP server from any address that contains the domain name exodous.net. Similarly, the anonymous user is not allowed to access the FTP if he is coming from a 201 public class C IP address.

Changes made to your system's FTP server configuration files become active only after you restart xinetd because configuration files are parsed only at startup. To restart xinetd as root, issue the command /etc/rc.d/init.d/xinetd restart. This makes a call to the same shell script that is called at system startup and shutdown for any runlevel to start or stop the xinet daemon. xinetd should report its status as

# /etc/rc.d/init.d/xinetd restart Stopping xinetd:                                   [ OK ] Starting xinetd:                                   [ OK ]

When the FTP server restarts, it is accessible to all incoming requests.