[SOLVED] hosts.deny not blocking hosts to use NFS

JohnGomez84 · 04-21-2017, 01:30 AM

Hi, Im setting up a NFS server in Ubuntu 16.04 for my IT studies and i have to configure hosts.deny and hosts.allow to deny a pc from using nfs, I can't deny it in /etc/exports (that would be way easier) because I have to do it with hosts.deny.
I've read in internet that newer versions of NFS doesn't use TCP Wrappers so hosts.deny and the other one are useless now but my teacher says that you can still use it...
Anyway, this is my code in hosts.deny:

Code:

ALL: 192.168.8.2

And this is my code in hosts.allow:

Code:

ALL: ALL

If someone know why it isn't blocking the hosts I would appreciate some help.
(Sorry for my eng I'm from Spain)

Turbocapitalist · 04-21-2017, 02:37 AM

Quote:

Originally Posted by JohnGomez84

I've read in internet that newer versions of NFS doesn't use TCP Wrappers so hosts.deny

If that version of NFS actually does still support old TCP Wrappers, then you'll have to add the daemons by name ( rpcbind mountd nfsd statd lockd rquotad ) to hosts.deny, and maybe also to hosts.allow

See:

Code:

man hosts_access

Fewer and fewer daemons still support use of tcpd (TCP Wrappers) any more. If this is not a history or archaeology class then it might be better to use iptables instead. tcpd is from the years before even ipchains was available.

JohnGomez84 · 04-21-2017, 02:49 AM

Ok I'll try it right now, thanks man I really appreciate that help.

Habitual · 04-21-2017, 04:07 AM

https://ubuntuforums.org/showthread....6#post13459876
for details on how tcpwrappers work (or doesn't)

openssh < 6.6 = tcpwrapper works.
Lemme know.

Laserbeak · 04-29-2017, 02:24 AM

NFS is technically connectionless and uses UDP packets instead of a real TCP connection to a daemon, and so it doesn't go through tcpwrappers.