From: Mel
To: freebsd-questions@freebsd.org, gwg7webbcom@yahoo.com
Date: Fri, 5 Dec 2008 12:02:58 +0100
Subject: Re: IPFW Firewall Question

On Friday 05 December 2008 01:26:04 G magicman wrote:
> Why because of the following:
>
> 1. Hosts.access on freebsd works on the Application Layer instead of the
> Network Layer Therefore Hosts.allow/hosts.deny no longer works the way I
> want and I do not feel like running Sendmail and sshd out of Inetd which
> apparently is the only way to be able to use hosts.allow/deny

You're right about the application layer, but not about the rest.
From sshd(8):
     /etc/hosts.allow
     /etc/hosts.deny
             Access controls that should be enforced by tcp-wrappers are
             defined here.  Further details are described in hosts_access(5).

> 2. Next openssh does not have an AllowHosts directive like the Finnish one
> does it only has an AllowUsers directive so I need to protect the system
> from DDOS attacks

Again, see above.

> and Hacking I already tried to block things using the
> Sendmail Access file but all that did was choke up the server with moronic
> shit.  And I want to be able to use my sftp program but it opens random
> ports which can not be controlled so I need the Clearaddresses to be able
> to see all ports.

For the firewall, pf user here, so others should help. ;)

-- 
Mel

Problem with today's modular software: they start with the modules and never
get to the software part.
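
Added example, not part of the original message: a simplified Python model of how tcp-wrappers evaluates hosts.allow rules written in the hosts_options(5) style (daemon : client : allow/deny), showing that the first matching rule decides and that a leading catch-all, such as the one at the top of FreeBSD's stock /etc/hosts.allow, shadows every later sshd rule. The rule sets and addresses are constructed samples; only the ALL wildcard, net/mask and address-prefix patterns for IPv4 are modelled, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample rule sets (documentation address ranges, not from the thread).
STOCK_STYLE = """\
ALL : ALL : allow          # catch-all first: nothing below is ever reached
sshd : 192.0.2.0/255.255.255.0 : allow
sshd : ALL : deny
"""
RESTRICTED = """\
sshd : 192.0.2.0/255.255.255.0 : allow
sshd : ALL : deny
sendmail : ALL : allow
"""

def parse_rules(text):
    """Return (daemons, clients, verdict) tuples, skipping comments and blanks."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        # A two-field rule in hosts.allow carries no option and means allow.
        verdict = fields[2] if len(fields) > 2 else "allow"
        rules.append((fields[0].replace(",", " ").split(),
                      fields[1].replace(",", " ").split(), verdict))
    return rules

def client_matches(pattern, addr):
    """Match one client pattern against an IPv4 address string."""
    if pattern == "ALL":
        return True
    if "/" in pattern:            # net/mask form, e.g. 192.0.2.0/255.255.255.0
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern)
    if pattern.endswith("."):     # address prefix form, e.g. "192.0.2."
        return addr.startswith(pattern)
    return pattern == addr

def decide(rules_text, daemon, addr):
    """First matching rule wins; if no rule matches, access is granted."""
    for daemons, clients, verdict in parse_rules(rules_text):
        if ("ALL" in daemons or daemon in daemons) and \
                any(client_matches(c, addr) for c in clients):
            return verdict
    return "allow"

if __name__ == "__main__":
    for name, rules in (("stock-style", STOCK_STYLE), ("restricted", RESTRICTED)):
        print(name, "sshd from 203.0.113.9 ->", decide(rules, "sshd", "203.0.113.9"))
```
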