From owner-freebsd-questions  Wed Jul 14 15:14:42 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from dt054n86.san.rr.com (dt054n86.san.rr.com [24.30.152.134])
	by hub.freebsd.org (Postfix) with ESMTP id 5603315449
	for <freebsd-questions@freebsd.org>; Wed, 14 Jul 1999 15:14:30 -0700 (PDT)
	(envelope-from Doug@gorean.org)
Received: from localhost (doug@localhost)
	by dt054n86.san.rr.com (8.8.8/8.8.8) with ESMTP id PAA29781;
	Wed, 14 Jul 1999 15:13:17 -0700 (PDT)
	(envelope-from Doug@gorean.org)
Date: Wed, 14 Jul 1999 15:13:16 -0700 (PDT)
From: Doug <Doug@gorean.org>
X-Sender: doug@dt054n86.san.rr.com
To: Lance Woodson <lance@cswnet.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: 3.2 hosts.allow Problems
In-Reply-To: <378CFDFC.16B891CC@cswnet.com>
Message-ID: <Pine.BSF.4.05.9907141509360.29705-100000@dt054n86.san.rr.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Wed, 14 Jul 1999, Lance Woodson wrote:

> > I want to be able to deny all conections except from three domains.
> > However, everything is getting denied.  What am I doing wrong?
> 
> > /etc/hosts.allow
> > ALL:           127.0.0.1:      ALLOW
> > ALL:           .a.com:         ALLOW
> > ALL:           .b.com:         ALLOW
> > ALL:           .c.com:         ALLOW
> > telnetd:       ALL:            banners /usr/local/etc/banners
> > ALL:           ALL:            DENY
> 
> Now nothing is being denied.  To restart inetd, I am using "killall
> inetd;inetd".

	First, you shouldn't have to start inetd for changes in
hosts.allow to take effect. Second, are you testing from a machine that is
not included in the "allow" rules? I know that may seem like an obvious
question, but sometimes it's the obvious things that bite you. :)

	Also, to my knowledge it should not matter but I've always seen
rules for hosts.[allow,deny] written as:

ALL : ALL : DENY

rather than:

ALL: ALL: DENY

but it shouldn't matter. 

	Other than that, I'm out of ideas. The above _is_ the way it's
supposed to work, if that's any comfort.

Doug
-- 
On account of being a democracy and run by the people, we are the only
nation in the world that has to keep a government four years, no matter
what it does.
                -- Will Rogers



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message