How do I configure hosts.allow and hosts.deny to allow all connections from all hosts except for some hosts/ports specified in hosts.deny?
This is what I have now in these files:
hosts.allow:
ALL:ALL
hosts.deny:
somehost:someport
I want to allow all connections except for somehost:someport, but the above configuration does not work.
EDIT:
Well, I found out in this case hosts.allow should be an empty file, but it's still allowing connections on someport...
You've got it backwards.
It should be like this:
The syntax is actually more expressive than this: the port and the hosts can be lists, and the port can be specified by daemon name instead of port number, for example. Your system ought to have documentation for the format of the file.
And you're right about hosts.allow, it should be empty as the default action is to accept.
You can also use the extended format described in hosts_options(5) and use /etc/hosts.allow only.
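The evaluation order discussed in this thread, as an added example that is not code from any of the posts: a simplified Python model of the hosts_access(5) decision (hosts.allow is checked first, then hosts.deny, and no match means allow). The daemon name `sshd` and the host names are constructed sample values, and the model handles only literal names and the `ALL` wildcard, not patterns, `EXCEPT`, or the hosts_options(5) extensions.

```python
# Simplified model of the hosts_access(5) decision order (added example).
# Assumption: only literal names and the ALL wildcard are supported here.

def parse_rules(text):
    """Parse 'daemon_list : client_list' lines into (daemons, clients) pairs."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue  # this model skips lines without both fields
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        rules.append((daemons, clients))
    return rules

def _matches(rules, daemon, client):
    """True if any rule covers this (daemon, client) pair."""
    return any(
        ("ALL" in d or daemon in d) and ("ALL" in c or client in c)
        for d, c in rules
    )

def access_granted(allow_text, deny_text, daemon, client):
    """Check hosts.allow first, then hosts.deny; grant if neither matches."""
    if _matches(parse_rules(allow_text), daemon, client):
        return True   # a match in hosts.allow ends the search
    if _matches(parse_rules(deny_text), daemon, client):
        return False
    return True       # default action is to accept

# Constructed sample file contents.
ALLOW_ALL = "ALL: ALL\n"                   # hosts.allow from the question
EMPTY_ALLOW = ""                           # hosts.allow left empty
DENY_OK = "sshd: badhost.example\n"        # daemon first, then client
DENY_BACKWARDS = "badhost.example: sshd\n" # client first: never matches

if __name__ == "__main__":
    for allow, deny in [(ALLOW_ALL, DENY_OK), (EMPTY_ALLOW, DENY_OK),
                        (EMPTY_ALLOW, DENY_BACKWARDS)]:
        print(access_granted(allow, deny, "sshd", "badhost.example"))
```

With `ALL: ALL` in hosts.allow the deny entry is never consulted, and a deny entry written host-first matches nothing, so both of those cases still grant access.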