From owner-freebsd-questions@FreeBSD.ORG Wed Sep 24 09:11:39 2003
Message-ID: <003a01c382b6$80ff9c80$4df24243@tsgincorporated.com>
From: "Micheal Patterson"
References: <3F71A16A.70903@magidesign.com> <20030924154643.GD30190@freebie.freebsd.org>
Date: Wed, 24 Sep 2003 11:11:20 -0500
Subject: Re: A question about host...
X-BeenThere: freebsd-questions@freebsd.org

----- Original Message -----
From: "Armand Passelac"
To: "Payne"
Sent: Wednesday, September 24, 2003 10:46 AM
Subject: Re: A question about host...

> [---- On Wed, 24 Sep, 2003 at 9:51, Payne wrote: ----]
> > Hi,
> >
> > I am wanting to use host.allow and host.deny to make my box more secure.
> > Is there a site that can explain how to use them.
>
> If I remember well :
>
> The lib libwrap.a corresponds to the famous name "tcp_wrappers".
> This lib is designed to secure the access of some network services : xinetd,sshd,portmap, ...
>
> Syntax of hosts_access files :
> service:host
>
> examples :
> # Manage ALL tcp_wrapped services for the source address 192.168.1.2
> ALL: 192.168.1.2
> # Manage the pop3 service for the source address corresponding to the name my.computer.fr
> pop3d: my.computer.fr
>
> You can specify multiple services with the comma (pop3d, in.telnetd)
> There is also the tag EXCEPT to specify an exception :
> ALL: EXCEPT 173.22.7.9
>
> Order of reading :
> The tcp_wrapped network service will read before the hosts.allow and AFTER the hosts.deny.
> The current advice is to put the ALL:ALL in the hosts.deny
>
>
> I hope it will help you.
>

Unless things have changed in the 5.x series, libwrap is integrated into inetd now (-w -W flags apply). Also, there is no need for a hosts.deny file as hosts.allow contains both allow and deny entries now. Just have the all:all:deny at the very bottom of hosts.allow. The default hosts.allow file gives examples of how to use the file for access control to various daemons / services.

--
Micheal Patterson
TSG Network Administration
405-917-0600
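
The rule ordering described in the reply above, as an added example that is not part of the original thread: a simplified Python model of first-match evaluation over a single hosts.allow file, showing why the deny-all line belongs at the very bottom. The sample rules, the addresses and the `parse`/`check` helper names are constructed for illustration, and the model covers only `ALL`, exact IPv4 addresses and net/mask client patterns.

```python
import ipaddress

# Constructed sample in the single-file style the reply describes.
HOSTS_ALLOW = """\
# daemon_list : client_list : option
sshd : 192.168.1.0/255.255.255.0 : allow
pop3d, in.telnetd : 192.168.1.2 : allow
ALL : ALL : deny
"""

def parse(text):
    """Return [(daemons, clients, verdict)], skipping blanks and # lines."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) != 3 or fields[2] not in ("allow", "deny"):
            raise ValueError(f"unsupported rule: {line!r}")
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        rules.append((daemons, clients, fields[2]))
    return rules

def client_matches(pattern, addr):
    if pattern.upper() == "ALL":
        return True
    if "/" in pattern:  # net/mask, e.g. 192.168.1.0/255.255.255.0
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern)
    return pattern == addr

def check(rules, daemon, addr):
    """First matching rule decides; with no match, access is granted."""
    for daemons, clients, verdict in rules:
        daemon_ok = any(d.upper() == "ALL" or d == daemon for d in daemons)
        if daemon_ok and any(client_matches(c, addr) for c in clients):
            return verdict
    return "allow"

if __name__ == "__main__":
    rules = parse(HOSTS_ALLOW)
    no_final_deny = rules[:-1]             # deny-all line left out
    deny_first = [rules[-1]] + rules[:-1]  # deny-all moved to the top
    for name, rs in (("as written", rules), ("no final deny", no_final_deny),
                     ("deny first", deny_first)):
        print(name, check(rs, "sshd", "192.168.1.77"), check(rs, "sshd", "10.0.0.5"))
```

On a real system, `tcpdchk` and `tcpdmatch` check the installed file against the actual libwrap rules rather than this model.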