25 Oct 2007 Using TCP Wrappers to deny daemon access in specified hours

Posted by Hans-Henry Jakobsen

By doing the following you can deny certain daemons to be available in specified hours by using hosts.allow and hosts.deny.

In my example I will be using the vsftpd daemon by adding

tcp_wrapper=YES

in /etc/vsftpd.conf.

Make sure that your private network has access all the time by adding this in /etc/hosts.allow

vsftpd: 192.168.0.

Enables access to the whole subnet.

Next you create a /etc/cron.d/vsftpd file

0 16 * * 1-5 root perl -i -p -e s/innhold//ig /etc/hosts.deny
0 8 * * 1-5 root echo "vsfdpt:ALL >> /etc/hosts.deny

Reload the cron daemon and you’re good to go.

The above example will deny all addresses, except those specified in hosts.allow, between 08:00 and 16:00 Monday to Friday and clear the block at other times.

Tags: daemon, perl