On Thu, Dec 27, 2007 at 04:45:36PM -0600, jilin zhang wrote:
Happy New year to you all.
A question I have is, do we have a way to write a few lines to block access from certain IPs, such as 66.99.88.xx (made up for example)? So these people would not need to try out the passwords behind stunnel.
If you are running stunnel under some kind of Unix-like OS, and it is compiled with libwrap support, you can use /etc/hosts.allow and /etc/hosts.deny to control access to the stunnel service. You can check if stunnel is built with libwrap support in the output of the "stunnel -version" command; here it says:
[roam@straylight ~> stunnel -version stunnel 4.21 on i386-unknown-freebsd6.3 with OpenSSL 0.9.7e-p1 25 Oct 2004 Threading:UCONTEXT SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
You can see the "LIBWRAP" token on the second line.
I'm not sure how stunnel handles libwrap support under Windows; somebody else will have to explain.
G'luck, Peter