IP Firewalling by DNS name
Ivan Voras
ivoras at fer.hr
Tue May 31 07:56:47 PDT 2005
Igor Robul wrote:
> Ivan Voras wrote:
>> What I need it for: I'd like to allow ssh logins only from a specific
>> TLD (by reverse lookup...) - maybe there's another way?
>
> /etc/hosts.allow
> man 5 hosts_access
How safe is it? As I understand it, sshd actually accepts connections
prior to checking hosts.allow?
In hosts.allow, there's an example for sshd but it contains:
# Wrapping sshd(8) is not normally a good idea, but if you
# need to do it, here's how
#sshd : .evil.cracker.example.com : deny
Why is it not a good idea? :)
More information about the freebsd-stable
mailing list
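For the reverse-lookup restriction asked about in the message above, an added example (not part of the original message, and not code from sshd or TCP wrappers): a PTR record is set by whoever controls the reverse zone of the connecting address, so a hostname rule such as `.hr` only means something if that name also resolves forward to the same address. The function names and the sample DNS data below are assumptions constructed for illustration.

```python
import ipaddress
import socket

# Constructed sample DNS data (documentation address ranges), not real records.
SAMPLE_PTR = {"192.0.2.10": "host.example.hr",
              "198.51.100.7": "spoof.example.hr",   # PTR claims .hr ...
              "203.0.113.5": "host.example.com"}
SAMPLE_A = {"host.example.hr": ["192.0.2.10"],
            "spoof.example.hr": ["192.0.2.99"],      # ... but forward lookup disagrees
            "host.example.com": ["203.0.113.5"]}

def sample_reverse(ip):
    if ip not in SAMPLE_PTR:
        raise OSError("no PTR record")
    return SAMPLE_PTR[ip]

def sample_forward(name):
    return SAMPLE_A.get(name, [])

def confirmed_name(ip, reverse=None, forward=None):
    """Return the PTR name of ip only if that name resolves back to ip."""
    # Default to live DNS; tests and the demo pass in the sample resolvers.
    reverse = reverse or (lambda a: socket.gethostbyaddr(a)[0])
    forward = forward or (lambda n: [ai[4][0] for ai in socket.getaddrinfo(n, None)])
    try:
        name = reverse(ip).rstrip(".").lower()
        addrs = {ipaddress.ip_address(a) for a in forward(name)}
        return name if ipaddress.ip_address(ip) in addrs else None
    except (OSError, ValueError):
        return None  # lookup failure or unparsable address: treat as unconfirmed

def allowed(ip, pattern, reverse=None, forward=None):
    """Match in the style of a hosts.allow pattern: '.hr' matches any name ending in it."""
    name = confirmed_name(ip, reverse, forward)
    if name is None:
        return False  # fail closed when the name cannot be confirmed
    pattern = pattern.lower()
    return name.endswith(pattern) if pattern.startswith(".") else name == pattern

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5", "192.0.2.200"):
        print(ip, allowed(ip, ".hr", sample_reverse, sample_forward))
```
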