Date: Wed, 24 Sep 2003 17:46:43 +0200 From: Armand Passelac <apasselac@free.fr> To: Payne <payne@magidesign.com> Cc: freebsd-questions@freebsd.org Subject: Re: A question about host... Message-ID: <20030924154643.GD30190@freebie.freebsd.org> In-Reply-To: <3F71A16A.70903@magidesign.com> References: <3F71A16A.70903@magidesign.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[---- On Wed, 24 Sep, 2003 at 9:51, Payne wrote: ----] > Hi, > > I am wanting to use host.allow and host.deny to make my box more secure. > Is there a site that can explain how to use them. If I remember well : The lib libwrap.a corresponds to the famous name "tcp_wrappers". This lib is designed to secure the access of some network services : xinetd,sshd,portmap, ... Syntax of hosts_access files : service:host examples : # Manage ALL tcp_wrapped services for the source address 192.168.1.2 ALL: 192.168.1.2 # Manage the pop3 service for the source address corresponding to the name my.computer.fr pop3d: my.computer.fr You can specify multiple services with the comma (pop3d, in.telnetd) There is also the tag EXCEPT to specify an exception : ALL: EXCEPT 173.22.7.9 Order of reading : The tcp_wrapped network service will read before the hosts.allow and AFTRE the hosts.deny. The current advice is to put the ALL:ALL in the hosts.deny I hope it will help you. > > Thanks, > > Pup > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" [---- End of original mail from Payne ----] -- "No guts No glory" =] PASSELAC Armand [= ( @ @ ) Ingenieur Systemes-Reseaux & Securite ORBYTES INGENIERIE
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030924154643.GD30190>