IP Firewalling by DNS name

Ivan Voras ivoras at fer.hr
Tue May 31 07:56:47 PDT 2005

Igor Robul wrote:
> Ivan Voras wrote:

>> What I need it for: I'd like to allow ssh logins only from a specific 
>> TLD (by reverse lookup...) - maybe there's another way?
> /etc/hosts.allow
> man 5 hosts_access

How safe is it? As I understand it, sshd actually accepts connections 
prior to checking hosts.allow?

In hosts.allow, there's an example for sshd but it contains:

# Wrapping sshd(8) is not normally a good idea, but if you
# need to do it, here's how
#sshd : .evil.cracker.example.com : deny

Why it's not a good idea? :)

More information about the freebsd-stable mailing list