A question about host...

Armand Passelac apasselac at free.fr
Wed Sep 24 11:38:04 PDT 2003


[---- On Wed, 24 Sep, 2003 at 11:11, Micheal Patterson wrote: ----]
> 
>

Excuse me Payne, Michael is totally *right* !
You can see the /etc/hosts.allow ... there are a lot of good examples for you.
Thanks Michael for the updating of _my_old_ view ;-)

Bye.
 
> 
> 
> ----- Original Message ----- 
> From: "Armand Passelac" <apasselac at free.fr>
> To: "Payne" <payne at magidesign.com>
> Cc: <freebsd-questions at freebsd.org>
> Sent: Wednesday, September 24, 2003 10:46 AM
> Subject: Re: A question about host...
> 
> 
> > [---- On Wed, 24 Sep, 2003 at  9:51, Payne wrote: ----]
> > > Hi,
> > >
> > > I am wanting to use host.allow and host.deny to make my box more secure.
> > > Is there a site that can explain how to use them.
> >
> > If I remember well :
> >
> > The lib libwrap.a corresponds to the famous name "tcp_wrappers".
> > This lib is designed to secure the access of some network services : xinetd,sshd,portmap, ...
> >
> > Syntax of hosts_access files :
> > service:host
> >
> > examples :
> > # Manage ALL tcp_wrapped services for the source address 192.168.1.2
> > ALL: 192.168.1.2
> > # Manage the pop3 service for the source address corresponding to the name my.computer.fr
> > pop3d: my.computer.fr
> >
> > You can specify multiple services with the comma (pop3d, in.telnetd)
> > There is also the tag EXCEPT to specify an exception :
> > ALL: EXCEPT 173.22.7.9
> >
> > Order of reading :
> > The tcp_wrapped network service will read before the hosts.allow and AFTER the hosts.deny.
> > The current  advice is to put the ALL:ALL in the hosts.deny
> >
> >
> > I hope it will help you.
> >
> >
> 
> Unless things have changed in the 5.x series, libwrap is integrated into
> inetd now (-w -W flags apply). Also, there is no need for a hosts.deny file
> as hosts.allow contains both allow and deny entries now. Just have the
> all:all:deny at the very bottom of hosts.allow.  The default hosts.allow
> file gives examples of how to use the file for access control to various
> daemons / services.
> 
> --
> 
> Micheal Patterson
> TSG Network Administration
> 405-917-0600
> 
[---- End of original mail from Micheal Patterson ----]

-- 
"No guts No glory"

=] PASSELAC Armand [=
     (  @ @ )   
Ingenieur Systemes-Reseaux & Securite
ORBYTES INGENIERIE
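
An added example, not part of the original mail or of FreeBSD's shipped files: a simplified Python model of the single-file layout described in the quoted reply, where each hosts.allow line ends in allow or deny, the first matching line decides, and the catch-all deny sits at the very bottom. The rules, addresses and function names are constructed for illustration; only IPv4 exact addresses, net/mask pairs and ALL are handled, and EXCEPT is not.

```python
import ipaddress

# Constructed sample rules in the daemon_list : client_list : allow|deny form.
SAMPLE_RULES = """
# trusted admin host may reach every wrapped service
ALL : 192.168.1.2 : allow
# one internal host is refused sshd before the network-wide allow
sshd : 192.168.1.99 : deny
sshd, pop3d : 192.168.1.0/255.255.255.0 : allow
# catch-all at the very bottom
ALL : ALL : deny
"""

def parse_rules(text):
    """Return (daemons, clients, verdict) tuples, skipping comments and blanks."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        daemons, clients, verdict = [f.strip() for f in line.split(":")]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split(),
                      verdict.lower()))
    return rules

def client_matches(pattern, addr):
    if pattern.upper() == "ALL":
        return True
    if "/" in pattern:  # net/mask form, e.g. 192.168.1.0/255.255.255.0
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern)
    return pattern == addr

def decide(rules, daemon, addr):
    """First matching rule wins; later rules are never consulted."""
    for daemons, clients, verdict in rules:
        if not any(d.upper() == "ALL" or d == daemon for d in daemons):
            continue
        if any(client_matches(c, addr) for c in clients):
            return verdict
    return "allow"  # nothing matched: tcp_wrappers grants access by default

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    for daemon, addr in [("sshd", "192.168.1.50"), ("sshd", "203.0.113.7")]:
        print(daemon, addr, decide(rules, daemon, addr))
```

Dropping the last rule makes unmatched clients fall through to the default grant, and moving it to the top denies everyone, which is why its position matters.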

