A question about host...

Micheal Patterson micheal at tsgincorporated.com
Wed Sep 24 09:11:39 PDT 2003





----- Original Message ----- 
From: "Armand Passelac" <apasselac at free.fr>
To: "Payne" <payne at magidesign.com>
Cc: <freebsd-questions at freebsd.org>
Sent: Wednesday, September 24, 2003 10:46 AM
Subject: Re: A question about host...


> [---- On Wed, 24 Sep, 2003 at  9:51, Payne wrote: ----]
> > Hi,
> >
> > I am wanting to use host.allow and host.deny to make my box more secure.
> > Is there a site that can explain how to use them.
>
> If I remember well :
>
> The lib libwrap.a corresponds to the famous name "tcp_wrappers".
> This lib is designed to secure the access of some network services :
> xinetd,sshd,portmap, ...
>
> Syntax of hosts_access files :
> service:host
>
> examples :
> # Manage ALL tcp_wrapped services for the source address 192.168.1.2
> ALL: 192.168.1.2
> # Manage the pop3 service for the source address corresponding to the name
> # my.computer.fr
> pop3d: my.computer.fr
>
> You can specify multiple services with the comma (pop3d, in.telnetd)
> There is also the tag EXCEPT to specify an exception :
> ALL: EXCEPT 173.22.7.9
>
> Order of reading :
> The tcp_wrapped network service will read before the hosts.allow and AFTER
> the hosts.deny.
> The current advice is to put the ALL:ALL in the hosts.deny
>
>
> I hope it will help you.
>
>

Unless things have changed in the 5.x series, libwrap is integrated into
inetd now (-w -W flags apply). Also, there is no need for a hosts.deny file
as hosts.allow contains both allow and deny entries now. Just have the
all:all:deny at the very bottom of hosts.allow.  The default hosts.allow
file gives examples of how to use the file for access control to various
daemons / services.

--

Micheal Patterson
TSG Network Administration
405-917-0600

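Added example, not part of the original message or of tcp_wrappers itself: a simplified Python model of the single-file, first-match evaluation described in the reply above, showing why the catch-all `ALL : ALL : deny` belongs at the very bottom of hosts.allow. The rule set, the 203.0.113.9 test address and the function names are constructed for illustration; only `ALL`, exact names/addresses, trailing-dot address prefixes and leading-dot domain suffixes are modelled (no netmasks, IPv6, EXCEPT or spawn options).

```python
# Constructed sample hosts.allow in the "daemon : client : option" form.
RULES = """\
# constructed sample rules
sshd : 192.168.1. : allow
pop3d : my.computer.fr, 192.168.1.2 : allow
ALL : ALL : deny
"""

def parse(text):
    """Return a list of (daemons, clients, action) tuples in file order."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue                              # malformed line, skipped
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        options = [f.lower() for f in fields[2:]]
        # A matching line in hosts.allow grants access unless it says deny.
        action = "deny" if "deny" in options else "allow"
        rules.append((daemons, clients, action))
    return rules

def matches(pattern, value):
    """Simplified pattern match for one daemon or client token."""
    if pattern.upper() == "ALL":
        return True
    if pattern.endswith("."):                     # address prefix: 192.168.1.
        return value.startswith(pattern)
    if pattern.startswith("."):                   # domain suffix: .computer.fr
        return value.lower().endswith(pattern.lower())
    return pattern.lower() == value.lower()

def decide(rules, daemon, client):
    """First matching rule wins; later rules are never consulted."""
    for daemons, clients, action in rules:
        if any(matches(d, daemon) for d in daemons) and \
           any(matches(c, client) for c in clients):
            return action
    return "allow"    # no rule matched: tcp_wrappers grants access

if __name__ == "__main__":
    rules = parse(RULES)
    for daemon, client in [("sshd", "192.168.1.77"), ("sshd", "203.0.113.9")]:
        print(daemon, client, decide(rules, daemon, client))
```

Dropping the last rule lets an unlisted host through because unmatched requests are granted, and moving it to the top denies everyone because evaluation stops at the first match.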


