From owner-freebsd-questions Tue Sep 4 6:25:18 2001 Delivered-To: freebsd-questions@freebsd.org Received: from comp04.prc.uic.edu (comp04.prc.uic.edu [128.248.230.104]) by hub.freebsd.org (Postfix) with SMTP id 7E26237B403 for ; Tue, 4 Sep 2001 06:25:14 -0700 (PDT) Received: (qmail 48975 invoked by uid 1000); 4 Sep 2001 13:25:34 -0000 Date: Tue, 4 Sep 2001 08:25:34 -0500 From: Lucas Bergman To: Peter Brezny Cc: questions@freebsd.org Subject: Re: limiting ftp access by ip for an old 2.2.8 system Message-ID: <20010904082534.B48947@comp04.prc.uic.edu> Reply-To: lucas@slb.to References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: ; from pbrezny@purplecat.net on Tue, Sep 04, 2001 at 09:03:48AM -0400 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > I've got an old 2.2.8 system with someone making multiple attempts > to gain access through ftp. > > There's no hosts.allow in the /etc dir. Is there a way I can deny > all connections from this specific ip? You could (a) install tcp_wrappers, (b) run ftpd through ucspi-tcp instead of inetd, since it comes with a tcp_wrappers-like facility, or (c) tell your firewall to drop packets from that IP bound for port 21 on the floor. Note that conventional wisdom says that you should setup non-secure services like telnetd and ftpd by inclusion, rather than exclusion. Lucas To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message