Using Commands in the ftphosts File to Allow or Deny FTP Server Connection

Using Commands in the ftphosts File to Allow or Deny FTP Server Connection

The purpose of the ftphosts file is to allow or deny specific users or addresses from connecting to the FTP server. The format of the file is the word allow or deny optionally followed by a username, followed by an IP or a DNS address.

allow username address deny username address 

Listing 23.3 shows a sample configuration of this file.

Listing 23.3. ftphosts Configuration File for Allowing or Denying Users

# Example host access file # # Everything after a '#' is treated as comment, # empty lines are ignored allow tdc 128.0.0.1 allow tdc 192.168.101.* allow tdc insanepenguin.net allow tdc *.exodous.net deny anonymous 201.* deny anonymous *.pilot.net 

The * is a wildcard that will match any combination of that address. For example, allow tdc *.exodous.net will allow the user tdc to log in to the FTP server from any address that contains the domain name exodous.net. Similarly, the anonymous user will not be allowed to access the FTP if he is coming from a 201 public class C IP address.

Changes made to your system's FTP server configuration files only become active after you restart inetd because configuration files are only parsed at startup. To restart inetd as root, issue the command /etc/init.d/inetutils-inetd restart. This makes a call to the same shell script that is called at system startup and shutdown for any runlevel to start or stop the inet daemon. inetd should report its status as

# /etc/init.d/inetutils-inetd restart Stopping internet superserver inetd:                                           [  OK  ] Starting internet superserver inetd:                                           [  OK  ] 

Once restarted, the FTP server is accessible to all incoming requests.