
ralus.cfg options and IP restrictions

Mnietek
Level 3
I've recently installed RALUS on a Linux server. It seems to be running OK, but I can't find any way to restrict it to listen on a particular interface or respond only to a given set of IPs. Restricting beremote in hosts.allow/deny doesn't seem to work. I think I don't need to say that I'm not very happy with a root-privileged program listening to the whole wide world. Is there any working way to restrict beremote in some way?
And another question - I didn't manage to find any good description of the possible settings in ralus.cfg. Is there such a document available somewhere? The manual only mentions some settings, but I don't believe it's the whole possible set of options.

2 REPLIES

hemant_chugh
Level 3
Certified
Hi Mnietek,

You can use iptables to block ports, as all programs are not controlled by host.allow or host.deny.
Well, using host.deny with an entry, e.g.:

smtp : ALLOW ALL EXCEPT 10.1.1.1 or .example.com

The above can be used under host.deny; we do not have to use both files.

We can use iptables as well, e.g.:

iptables -A INPUT -p tcp -i <internal NIC> ! -s <your IP> --dport 80 -j REJECT
iptables -A INPUT -p tcp -i <internal NIC> -s <your IP> --dport 80 -j ACCEPT

You can try with any of those examples and update me.

Mnietek
Level 3
Hi Hemant.
I know I can use iptables. I already do, since I don't have any other way to control RALUS.
It's just that it's very un-unixlike to just bind to every possible interface without giving the user the possibility to control it, and it's very not-KISS-like. I mean that now I have two things I have to watch for. If I make a mistake in my iptables script I can end up with services open to the whole world, which is not a desired situation.
I just find the approach "open and filter" very Windows-like (even in NT4 we could bind services to particular interfaces; the possibility was removed in W2k) and very different from the rest of the services I run on my Linux boxes.
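
An added example, not part of the original posts: a small audit that lists root-owned TCP listeners bound to the wildcard address, i.e. the services whose exposure depends entirely on the iptables rules discussed in this thread. It parses the Linux `/proc/net/tcp` table (IPv4 only, little-endian host assumed); the sample table, its ports and the function names are constructed for illustration.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp format (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:2710 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22222 1
   2: 0501A8C0:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 33333 1
   3: 0501A8C0:0016 0A01A8C0:C350 01 00000000:00000000 00:00000000 00000000     0        0 44444 1
"""

TCP_LISTEN = 0x0A  # socket state code for LISTEN in /proc/net/tcp


def decode_addr(field):
    """Turn '0100007F:0019' into ('127.0.0.1', 25)."""
    ip_hex, port_hex = field.split(":")
    # The kernel prints the address as a host-order 32-bit word;
    # little-endian (x86, most ARM) is assumed here.
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def listeners(table_text):
    """Return one dict per listening IPv4 TCP socket in the table."""
    found = []
    for line in table_text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 8 or int(cols[3], 16) != TCP_LISTEN:
            continue  # malformed row, or an established/other-state socket
        ip, port = decode_addr(cols[1])
        found.append({"ip": ip, "port": port, "uid": int(cols[7])})
    return found


def wildcard_root_listeners(table_text):
    """Ports of root-owned sockets listening on 0.0.0.0 (every interface)."""
    return sorted(s["port"] for s in listeners(table_text)
                  if s["ip"] == "0.0.0.0" and s["uid"] == 0)


if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:
            table = fh.read()
    except OSError:
        table = SAMPLE  # fall back to the constructed sample off Linux
    for port in wildcard_root_listeners(table):
        print(f"root listener on 0.0.0.0:{port} relies on packet filtering alone")
```

Running it from cron and comparing the output against an expected list gives a second check that does not depend on the iptables script being correct.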