
5. Access

5.1 Allow hosts

This parameter is a comma-delimited set of hosts which are permitted to access a service.

If specified in the Default section, it will apply to all services, regardless of whether the individual service has a different setting.

You can specify the hosts by name or IP address. For example, you could restrict access to only the hosts on a Class C subnet with something like "allow hosts = 150.203.5.". The full syntax of the list is described in the man page hosts_access(5).

You can also specify hosts by network/netmask pairs and by netgroup names if your system supports netgroups. The EXCEPT keyword can also be used to limit a wildcard list. The following examples may be useful:

Example 1

allow all IPs in 150.203.*.* except one

hosts allow = 150.203. EXCEPT

Example 2

allow hosts that match the given network/netmask

hosts allow =

Example 3

allow a couple of hosts

hosts allow = lapland, arvidsjaur

Example 4

allow only hosts in netgroup "foonet" or localhost, but deny access from one particular host

hosts allow = @foonet, localhost
hosts deny = pirate

Note that access still requires suitable user-level passwords.

See testparm(1) for a way of testing your host access to see if it does what you expect.

Default: None (i.e., all hosts are permitted access)

Example: 150.203.5.

5.2 Deny hosts

The opposite of 'allow hosts' -- hosts listed here are NOT permitted access to services unless the specific services have their own lists to override this one. Where the lists conflict, the 'allow' list takes precedence.

Default: none (i.e., no hosts are specifically excluded)

Example: 150.203.4.
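
The matching and precedence rules of 5.1 and 5.2, as an added Python sketch (not Samba's own code and not part of the original page). It covers the trailing-dot prefix, network/netmask, host-name and single-EXCEPT forms; netgroups are not modelled. The function names and client addresses are constructed for illustration, and the result for a host on neither list when both lists are set is an assumption.

```python
import ipaddress

def match_one(pattern, ip, name):
    """Match a single list entry against the client's IP and host name."""
    if "/" in pattern:                        # network/netmask pair
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(ip) in net
    if pattern.endswith("."):                 # leading octets, e.g. "150.203.5."
        return ip.startswith(pattern)
    return pattern.lower() in (ip, name.lower())   # exact IP or host name

def list_match(spec, ip, name=""):
    """True if the client is on the list; entries after EXCEPT are carved out."""
    tokens = spec.replace(",", " ").split()
    cut = tokens.index("EXCEPT") if "EXCEPT" in tokens else len(tokens)
    included, excluded = tokens[:cut], tokens[cut + 1:]
    if any(match_one(p, ip, name) for p in excluded):
        return False
    return any(match_one(p, ip, name) for p in included)

def host_permitted(ip, name="", allow="", deny=""):
    """Combine the two lists the way sections 5.1 and 5.2 describe."""
    if not allow and not deny:
        return True                           # default: all hosts permitted
    if not deny:
        return list_match(allow, ip, name)    # only listed hosts get in
    if not allow:
        return not list_match(deny, ip, name)
    if list_match(allow, ip, name):
        return True                           # conflict: 'allow' takes precedence
    # Assumption: with both lists set, a host on neither list is let through.
    return not list_match(deny, ip, name)

if __name__ == "__main__":
    # Constructed client addresses, checked against the page's example lists.
    for ip, kw in [
        ("150.203.5.17", {"allow": "150.203.5."}),
        ("150.203.50.17", {"allow": "150.203.5."}),   # trailing dot stops this
        ("150.203.4.8", {"deny": "150.203.4."}),
        ("150.203.4.8", {"allow": "150.203.", "deny": "150.203.4."}),
    ]:
        print(ip, kw, "->", host_permitted(ip, **kw))
```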
