Date: Wed, 24 Sep 2003 20:37:53 +0200 From: Armand Passelac <apasselac@free.fr> To: Micheal Patterson <micheal@tsgincorporated.com> Cc: freebsd-questions@freebsd.org Subject: Re: A question about host... Message-ID: <20030924183753.GA31085@freebie.freebsd.org> In-Reply-To: <003a01c382b6$80ff9c80$4df24243@tsgincorporated.com> References: <3F71A16A.70903@magidesign.com> <20030924154643.GD30190@freebie.freebsd.org> <003a01c382b6$80ff9c80$4df24243@tsgincorporated.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[---- On Wed, 24 Sep, 2003 at 11:11, Micheal Patterson wrote: ----] > > Excuse me Payne, Michael is totaly *right* ! You can see the /etc/hosts.allow ... there is a lot of good examples for you. Thanks Michael for the updating of _my_old_ view ;-) Bye. > > > ----- Original Message ----- > From: "Armand Passelac" <apasselac@free.fr> > To: "Payne" <payne@magidesign.com> > Cc: <freebsd-questions@freebsd.org> > Sent: Wednesday, September 24, 2003 10:46 AM > Subject: Re: A question about host... > > > > [---- On Wed, 24 Sep, 2003 at 9:51, Payne wrote: ----] > > > Hi, > > > > > > I am wanting to use host.allow and host.deny to make my box more secure. > > > Is there a site that can explain how to use them. > > > > If I remember well : > > > > The lib libwrap.a corresponds to the famous name "tcp_wrappers". > > This lib is designed to secure the access of some network services : > xinetd,sshd,portmap, ... > > > > Syntax of hosts_access files : > > service:host > > > > examples : > > # Manage ALL tcp_wrapped services for the source address 192.168.1.2 > > ALL: 192.168.1.2 > > # Manage the pop3 service for the source address corresponding to the name > my.computer.fr > > pop3d: my.computer.fr > > > > You can specify multiple services with the comma (pop3d, in.telnetd) > > There is also the tag EXCEPT to specify an exception : > > ALL: EXCEPT 173.22.7.9 > > > > Order of reading : > > The tcp_wrapped network service will read before the hosts.allow and AFTRE > the hosts.deny. > > The current advice is to put the ALL:ALL in the hosts.deny > > > > > > I hope it will help you. > > > > > > Unless things have changed in the 5.x series, libwrap is integrated into > inetd now (-w -W flags apply). Also, there is no need for a hosts.deny file > as hosts.allow contains both allow and deny entries now. Just have the > all:all:deny at the very bottom of hosts.allow. The default hosts.allow > file gives examples of how to use the file for access control to various > daemons / services. > > -- > > Micheal Patterson > TSG Network Administration > 405-917-0600 > > Confidentiality Notice: This e-mail message, including any attachments, is > for the sole use of the intended recipient(s) and may contain confidential > and privileged information. Any unauthorized review, use, disclosure or > distribution is prohibited. If you are not the intended recipient, please > contact the sender by reply e-mail and destroy all copies of the original > message. > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" [---- End of original mail from Micheal Patterson ----] -- "No guts No glory" =] PASSELAC Armand [= ( @ @ ) Ingenieur Systemes-Reseaux & Securite ORBYTES INGENIERIE
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030924183753.GA31085>