What is the difference between the hosts and hosts.allow files? From what I have read, it seems like both files are for adding IP addresses allowing network access.
Below are my hosts and hosts.allow files:
/etc/hosts
127.0.0.1 localhost
127.0.1.1 craig-PE-T130
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
/etc/hosts.allow
# list of hosts that are allowed to access the system.
# See the manual pages hosts_access(5) and hosts_options(5).
#
# Example: ALL: LOCAL @some_netgroup
#          ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
#
# If you're going to protect the portmapper use the name "rpcbind" for the
# daemon name. See rpcbind(8) and rpc.mountd(8) for further information.

3 Answers
The two are quite different in their functions.
/etc/hosts is used as a local DNS on your local apache instance or nginx as the case may be to map domain names to the IP address 127.0.*.*.

From "man hosts": hosts - static table lookup for hostnames.

So when we request a domain in our browser, say "mydoman.com", our system checks in the /etc/hosts file to resolve this "domain name" to an "IP address". If we have that entry in the "/etc/hosts" file then the page content is served up from our machine files, else it looks out on the internet to resolve that name.

/etc/hosts.allow and /etc/hosts.deny are used like an iptable to control access to the machine or network from external sources. Note that both iptables and host access can't be used simultaneously. You're either using the iptables host access control mechanism, or you're using the access control library mechanism.

Example hosts file entries are:

#
# hosts.allow   This file describes the names of
#               the hosts that are allowed to use
#               the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
# Only allow connections within the virginia.edu
# domain.
ALL: .virginia.edu

#
# hosts.deny    This file describes the names of
#               the hosts that are *not* allowed
#               to use the local INET services, as
#               decided by the '/usr/sbin/tcpd'
#               server.
#
# deny all by default, only allowing hosts or
# domains listed in hosts.allow.
ALL: ALL
Sources:
man hosts, man hosts_access, virginia.edu
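The way the hosts.allow and hosts.deny entries above combine, following the order documented in hosts_access(5): hosts.allow is consulted first, then hosts.deny, and a client matching neither is granted access. This is an added example, not part of the original answers; it covers only a subset of the pattern syntax (ALL, LOCAL, domain suffix, address prefix, EXCEPT in the client list), the function names are hypothetical, and the client names and addresses in any call are constructed by the caller rather than resolved.

```python
# Simplified hosts_access(5) evaluation (added example; IPv4/host names only).
HOSTS_ALLOW = """
# Only allow connections within the virginia.edu domain.
ALL: .virginia.edu
"""
HOSTS_DENY = "ALL: ALL\n"   # deny everything not matched in hosts.allow

def match_client(pattern, host, addr):
    """Match one client pattern against the client's name and address."""
    p = pattern.lower()
    if p == "all":
        return True
    if p == "local":                 # host name without a dot
        return "." not in host
    if p.startswith("."):            # domain suffix, e.g. .virginia.edu
        return host.lower().endswith(p)
    if p.endswith("."):              # address prefix, e.g. 192.0.2.
        return addr.startswith(p)
    return p in (host.lower(), addr)

def match_list(tokens, host, addr):
    """'a b EXCEPT c' matches when a or b matches and c does not."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return (match_list(tokens[:i], host, addr)
                and not match_list(tokens[i + 1:], host, addr))
    return any(match_client(t, host, addr) for t in tokens)

def table_matches(text, daemon, host, addr):
    """True if any 'daemons : clients' rule in the file text matches."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments and blanks
        if ":" not in line:
            continue
        daemons, _, rest = line.partition(":")
        clients = rest.split(":")[0]              # ignore optional command field
        names = [d.lower() for d in daemons.replace(",", " ").split()]
        if (("all" in names or daemon.lower() in names)
                and match_list(clients.replace(",", " ").split(), host, addr)):
            return True
    return False

def is_allowed(daemon, host, addr, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """hosts.allow is checked first, then hosts.deny; no match means allow."""
    if table_matches(allow_text, daemon, host, addr):
        return True
    return not table_matches(deny_text, daemon, host, addr)
```

With an empty hosts.deny the same client that was refused is granted access, which is why the `ALL: ALL` line in hosts.deny is what turns hosts.allow into an allowlist.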
/etc/hosts is a file that will permit name resolution on the local host, taking the IPv4 or IPv6 address and translating it to a friendly name.
/etc/hosts.allow is used by the XDMCP protocol to provide a list of permitted machines to access the service.
The etc/hosts file is used to associate domain names to IP addresses. An entry for an IP address is given in a single line. In today's systems, the etc/hosts file (also called the host table) is suppressed by the DNS server. I use it mainly for local testing. It is a common part of an operating system's Internet Protocol (IP) implementation.
The etc/hosts.allow or etc/hosts.deny file is used to allow/deny access to different services.
Generally, these files are deprecated these days. If you want to block access to a service this way, you need to find out whether that service has been compiled with TCP Wrappers or not. A firewall is a good way to block services.