[stunnel-users] Happy New Year to you all !!! and how to block ips?

Peter Pentchev roam at ringlet.net
Fri Dec 28 09:30:25 CET 2007


On Thu, Dec 27, 2007 at 04:45:36PM -0600, jilin zhang wrote:
> Happy New year to you all.
> 
> A question I have is, do we have a way to write a few lines to block
> access from certain IPs, such as 66.99.88.xx (made up for example)?  So
> these people would not need to try out the passwords behind stunnel.

If you are running stunnel under some kind of Unix-like OS, and it is
compiled with libwrap support, you can use /etc/hosts.allow and
/etc/hosts.deny to control access to the stunnel service.
You can check if stunnel is built with libwrap support in the output
of the "stunnel -version" command; here it says:

[roam at straylight ~> stunnel -version
stunnel 4.21 on i386-unknown-freebsd6.3 with OpenSSL 0.9.7e-p1 25 Oct 2004
Threading:UCONTEXT SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP

You can see the "LIBWRAP" token on the second line.

I'm not sure how stunnel handles libwrap support under Windows; somebody
else will have to explain.

G'luck,
Peter

-- 
Peter Pentchev	roam at ringlet.net    roam at cnsys.bg    roam at FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
If wishes were fishes, the antecedent of this conditional would be true.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20071228/ffec20a4/attachment.sig>


More information about the stunnel-users mailing list