From owner-freebsd-questions@FreeBSD.ORG Wed Sep 24 08:47:00 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B132416A4B3 for ; Wed, 24 Sep 2003 08:47:00 -0700 (PDT) Received: from SMT02002.global-asp.net (SMT02002.global-asp.net [194.51.152.254]) by mx1.FreeBSD.org (Postfix) with ESMTP id A957643FE3 for ; Wed, 24 Sep 2003 08:46:59 -0700 (PDT) (envelope-from apasselac@free.fr) Received: from smt02003.global-asp.net (localhost [127.0.0.1]) by SMT02002.global-asp.net (Postfix) with ESMTP id 3CBDF23576; Wed, 24 Sep 2003 17:46:54 +0200 (CEST) Received: from freebie.freebsd.org (Mix-Poitiers-112-3-117.w80-9.abo.wanadoo.fr [80.9.238.117]) by smt02003.global-asp.net (Postfix) with ESMTP id 43E152FA0B; Wed, 24 Sep 2003 17:46:52 +0200 (CEST) Received: from freebie.freebsd.org (freebie.freebsd.org [127.0.0.1]) by freebie.freebsd.org (8.12.9/8.12.9) with ESMTP id h8OFknB2030650; Wed, 24 Sep 2003 17:46:49 +0200 (CEST) (envelope-from kmaster@freebie.freebsd.org) Received: (from kmaster@localhost) by freebie.freebsd.org (8.12.9/8.12.9/Submit) id h8OFkif2030646; Wed, 24 Sep 2003 17:46:44 +0200 (CEST) Date: Wed, 24 Sep 2003 17:46:43 +0200 From: Armand Passelac To: Payne Message-ID: <20030924154643.GD30190@freebie.freebsd.org> References: <3F71A16A.70903@magidesign.com> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-15 Content-Disposition: inline In-Reply-To: <3F71A16A.70903@magidesign.com> cc: freebsd-questions@freebsd.org Subject: Re: A question about host... X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Sep 2003 15:47:00 -0000 [---- On Wed, 24 Sep, 2003 at 9:51, Payne wrote: ----] > Hi, > > I am wanting to use host.allow and host.deny to make my box more secure. > Is there a site that can explain how to use them. If I remember well : The lib libwrap.a corresponds to the famous name "tcp_wrappers". This lib is designed to secure the access of some network services : xinetd,sshd,portmap, ... Syntax of hosts_access files : service:host examples : # Manage ALL tcp_wrapped services for the source address 192.168.1.2 ALL: 192.168.1.2 # Manage the pop3 service for the source address corresponding to the name my.computer.fr pop3d: my.computer.fr You can specify multiple services with the comma (pop3d, in.telnetd) There is also the tag EXCEPT to specify an exception : ALL: EXCEPT 173.22.7.9 Order of reading : The tcp_wrapped network service will read before the hosts.allow and AFTRE the hosts.deny. The current advice is to put the ALL:ALL in the hosts.deny I hope it will help you. > > Thanks, > > Pup > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" [---- End of original mail from Payne ----] -- "No guts No glory" =] PASSELAC Armand [= ( @ @ ) Ingenieur Systemes-Reseaux & Securite ORBYTES INGENIERIE