/etc/hosts.allow files and IP ranges

I’ve inherited a pre-configured box and recently had to audit the /etc/hosts.allow files.

For those who don’t know what /etc/hosts.allow files are: these are files that services such as vsftp, sshd, etc. check to see whether certain IPs are allowed or not. If the IP passes the allow rules, it’s allowed to use the service; otherwise, use of the service will be DENIED.

Anyway, I’ve found a lot of x.x.x.x/xx rules, and I know their intention. They wanted to allow a range of IPs; in this specific case, they wanted to allow #.#.0.0 to #.#.255.255, where # is a number of a constant value.

Unfortunately, the allow rules didn’t seem to like the /xx format, and the easier solution was simply to use #.#. instead. Since only the first few octets are interpreted, this allows #.#.x.x values to work, which provides access for #.#.0.0 to #.#.255.255. It’s also much easier to read.
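
An added example, not from the original post: a small Python audit that finds x.x.x.x/xx entries in a hosts.allow-style file and proposes the trailing-dot form when the prefix falls on an octet boundary, or the net/mask form documented in hosts_access(5) when it does not, since a dot prefix there would allow more addresses than intended. The sample file contents and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample file for illustration; not from the original post.
SAMPLE = """\
# constructed hosts.allow
sshd: 198.51.0.0/16
vsftpd: 203.0.113.0/24, 192.0.2.10
sshd: 192.0.2.64/26
ALL: 10.
"""

# IPv4 address followed by a 1-2 digit prefix length (not a dotted netmask).
CIDR = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})/(\d{1,2})(?![\d.])")


def rewrite_cidr(cidr: str) -> str:
    """Return an equivalent pattern in dot-prefix or net/mask form."""
    net = ipaddress.ip_network(cidr, strict=False)
    octets = str(net.network_address).split(".")
    if net.prefixlen in (8, 16, 24):
        # Octet-aligned: a string ending in "." matches on the leading fields.
        return ".".join(octets[: net.prefixlen // 8]) + "."
    if net.prefixlen == 32:
        return str(net.network_address)
    # Not octet-aligned: a dot prefix would over-allow, so use net/mask.
    return f"{net.network_address}/{net.netmask}"


def audit(text: str):
    """Return (line_number, original, suggestion) for each CIDR entry found."""
    findings = []
    for num, line in enumerate(text.splitlines(), start=1):
        body = line.split("#", 1)[0]  # ignore comments
        for m in CIDR.finditer(body):
            try:
                findings.append((num, m.group(0), rewrite_cidr(m.group(0))))
            except ValueError:
                # Octet > 255 or prefix length > 32
                findings.append((num, m.group(0), "INVALID"))
    return findings


if __name__ == "__main__":
    for num, old, new in audit(SAMPLE):
        print(f"line {num}: {old} -> {new}")
```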
