[stunnel-users] Happy New Year to you all !!! and how to block ips?
Peter Pentchev
roam at ringlet.net
Fri Dec 28 09:30:25 CET 2007
On Thu, Dec 27, 2007 at 04:45:36PM -0600, jilin zhang wrote:
> Happy New year to you all.
>
> A question I have is, do we have a way to write a few lines to block
> access from certain IPs, such as 66.99.88.xx (made up for example)? So
> these people would not need to try out the passwords behind stunnel.
If you are running stunnel under some kind of Unix-like OS, and it is
compiled with libwrap support, you can use /etc/hosts.allow and
/etc/hosts.deny to control access to the stunnel service.
You can check if stunnel is built with libwrap support in the output
of the "stunnel -version" command; here it says:
[roam at straylight ~> stunnel -version
stunnel 4.21 on i386-unknown-freebsd6.3 with OpenSSL 0.9.7e-p1 25 Oct 2004
Threading:UCONTEXT SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
You can see the "LIBWRAP" token on the second line.
I'm not sure how stunnel handles libwrap support under Windows; somebody
else will have to explain.
G'luck,
Peter
--
Peter Pentchev roam at ringlet.net roam at cnsys.bg roam at FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
If wishes were fishes, the antecedent of this conditional would be true.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20071228/ffec20a4/attachment.sig>
More information about the stunnel-users
mailing list