IPFW Firewall Question
G magicman
gwg7webbcom at yahoo.com
Fri Dec 5 11:29:42 PST 2008
I have tried this; it did not work, and the Co-Lo people are convinced that sshd and sendmail
need to be run out of inetd.conf for this to work.
As I said, I am used to BSDI and the Finnish SSHD.
Also, here they are using the combined hosts.allow/deny with the deny inside, which I never liked.
Thank you for your help on this.
Garrett
--- On Fri, 12/5/08, Mel <fbsd.questions at rachie.is-a-geek.net> wrote:
From: Mel <fbsd.questions at rachie.is-a-geek.net>
Subject: Re: IPFW Firewall Question
To: freebsd-questions at freebsd.org, gwg7webbcom at yahoo.com
Date: Friday, December 5, 2008, 6:02 AM
On Friday 05 December 2008 01:26:04 G magicman wrote:
> Why? Because of the following:
>
> 1. Hosts.access on FreeBSD works on the Application Layer instead of the
> Network Layer. Therefore Hosts.allow/hosts.deny no longer works the way I
> want, and I do not feel like running Sendmail and sshd out of Inetd, which
> apparently is the only way to be able to use hosts.allow/deny
You're right about the application layer, but not about the rest. From
sshd(8):
     /etc/hosts.allow
     /etc/hosts.deny
             Access controls that should be enforced by tcp-wrappers are
             defined here.  Further details are described in hosts_access(5).
> 2. Next, openssh does not have an AllowHosts directive like the Finnish one
> does; it only has an AllowUsers directive, so I need to protect the system
> from DDOS attacks
Again, see above.
> and Hacking. I already tried to block things using the
> Sendmail Access file, but all that did was choke up the server with moronic
> shit. And I want to be able to use my sftp program, but it opens random
> ports which cannot be controlled, so I need the Clearaddresses to be able
> to see all ports.
For the firewall, pf user here, so others should help. ;)
--
Mel
Problem with today's modular software: they start with the modules
and never get to the software part.
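
Added example, not part of the original thread: a small Python model of how a combined hosts.allow file (allow and deny in the last field, as in hosts_options(5)) is evaluated for a standalone sshd, showing that the first matching rule decides and that no match means access is granted. The function names, the sample rules and the documentation-range addresses are assumptions made for illustration, and only the ALL, net/mask, leading-octets and literal-address patterns of hosts_access(5) are modelled.

```python
import ipaddress

# Constructed sample in the combined hosts.allow style (action in last field).
# Addresses are documentation ranges, not values from the thread.
SAMPLE_HOSTS_ALLOW = """\
# daemon : client : action
sshd : 192.0.2.0/255.255.255.0 : allow
sshd : 198.51.100. : allow
sshd : ALL : deny
sendmail : ALL : allow
"""

def client_matches(pattern, addr):
    """Match one client pattern; only a subset of hosts_access(5) is modelled."""
    if pattern == "ALL":
        return True
    if "/" in pattern:                    # net/mask form: n.n.n.n/m.m.m.m
        network = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(addr) in network
    if pattern.endswith("."):             # leading-octets form: "198.51.100."
        return addr.startswith(pattern)
    return addr == pattern                # literal address

def parse_rules(text):
    """Yield (daemons, clients, action) for each non-comment, non-blank line."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        daemons, clients, action = (f.strip() for f in line.split(":"))
        yield (daemons.replace(",", " ").split(),
               clients.replace(",", " ").split(), action)

def decide(text, daemon, addr):
    """Return the action of the first matching rule; no match means allow."""
    for daemons, clients, action in parse_rules(text):
        daemon_hit = "ALL" in daemons or daemon in daemons
        if daemon_hit and any(client_matches(c, addr) for c in clients):
            return action
    return "allow"

if __name__ == "__main__":
    for daemon, addr in [("sshd", "192.0.2.10"), ("sshd", "203.0.113.5"),
                         ("sendmail", "203.0.113.5")]:
        print(daemon, addr, decide(SAMPLE_HOSTS_ALLOW, daemon, addr))
```

Because evaluation stops at the first match, a broad deny placed above a narrower allow shadows it, which is the usual pitfall with the combined file.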