Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 5 Dec 2008 11:29:40 -0800 (PST)
From:      G magicman <gwg7webbcom@yahoo.com>
To:        freebsd-questions@freebsd.org, Mel <fbsd.questions@rachie.is-a-geek.net>
Subject:   Re: IPFW Firewall Question
Message-ID:  <198267.54082.qm@web52209.mail.re2.yahoo.com>
In-Reply-To: <200812051202.59160.fbsd.questions@rachie.is-a-geek.net>
next in thread | previous in thread | raw e-mail | index | archive | help 


I have tried this it did not work and the Co-Lo people are convinced that s=
shd and sendmail
need to be run out of inetd.conf for this to work

As i said i am used to BSDI=A0 and the Finnish SSHD=20

Also here they are using the combined hosts.allow/deny=A0 with the deny ins=
ide which i never liked
Thank you for your help on this


Garrett

--- On Fri, 12/5/08, Mel <fbsd.questions@rachie.is-a-geek.net> wrote:
From: Mel <fbsd.questions@rachie.is-a-geek.net>
Subject: Re: IPFW Firewall Question
To: freebsd-questions@freebsd.org, gwg7webbcom@yahoo.com
Date: Friday, December 5, 2008, 6:02 AM

On Friday 05 December 2008 01:26:04 G magicman wrote:

> Why because of the following:
>
> 1. Hosts.access=A0 on freebsd works on the Application Layer instead of t=
he
> Network Layer Therefore Hosts.allow/hosts.deny=A0=A0 no longer works the =
way
i
> want and i do not feel like running Sendmail and sshd out of Inetd which
> appearantly is the only way to be able to use hosts.allow/deny

You're right about the application layer, but not about the rest. From=20
sshd(8):
     /etc/hosts.allow
     /etc/hosts.deny
             Access controls that should be enforced by tcp-wrappers are
             defined here.  Further details are described in hosts_access(5=
).

> 2. Next openssh doesnot have an AllowHosts directive like the Finnish one
> does it only has an AllowUsers directive so i need to protect the system
> from DDOS attacks

Again, see above.

> and Hacking I already tried to block things using the=20
> Sendmail Access file but all that did was choak up the server with moroni=
c
> shit.=A0 And i want to be able to use my sftp program but it opens random
> ports which can not be controlled so i need the Clearaddresses to be able
> to see all ports.

For the firewall, pf user here, so others should help. ;)

--=20
Mel

Problem with today's modular software: they start with the modules
    and never get to the software part.
=0A=0A=0A

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?198267.54082.qm>