Date: Fri, 5 Dec 2008 11:29:40 -0800 (PST)
From: G magicman <gwg7webbcom@yahoo.com>
To: freebsd-questions@freebsd.org, Mel <fbsd.questions@rachie.is-a-geek.net>
In-Reply-To: <200812051202.59160.fbsd.questions@rachie.is-a-geek.net>
Message-ID: <198267.54082.qm@web52209.mail.re2.yahoo.com>
Subject: Re: IPFW Firewall Question



I have tried this; it did not work, and the Co-Lo people are convinced that
sshd and sendmail need to be run out of inetd.conf for this to work.

As I said, I am used to BSDI and the Finnish SSHD.

Also, here they are using the combined hosts.allow/deny with the deny
inside, which I never liked.
Thank you for your help on this.


Garrett

--- On Fri, 12/5/08, Mel <fbsd.questions@rachie.is-a-geek.net> wrote:
From: Mel <fbsd.questions@rachie.is-a-geek.net>
Subject: Re: IPFW Firewall Question
To: freebsd-questions@freebsd.org, gwg7webbcom@yahoo.com
Date: Friday, December 5, 2008, 6:02 AM

On Friday 05 December 2008 01:26:04 G magicman wrote:

> Why because of the following:
>
> 1. Hosts.access on freebsd works on the Application Layer instead of the
> Network Layer. Therefore Hosts.allow/hosts.deny no longer works the way I
> want and I do not feel like running Sendmail and sshd out of Inetd which
> apparently is the only way to be able to use hosts.allow/deny

You're right about the application layer, but not about the rest. From
sshd(8):
     /etc/hosts.allow
     /etc/hosts.deny
             Access controls that should be enforced by tcp-wrappers are
             defined here.  Further details are described in hosts_access(5).

> 2. Next openssh does not have an AllowHosts directive like the Finnish one
> does; it only has an AllowUsers directive so I need to protect the system
> from DDOS attacks

Again, see above.

> and Hacking I already tried to block things using the
> Sendmail Access file but all that did was choke up the server with moronic
> shit. And I want to be able to use my sftp program but it opens random
> ports which can not be controlled so I need the Clearaddresses to be able
> to see all ports.

For the firewall, pf user here, so others should help. ;)

-- 
Mel

Problem with today's modular software: they start with the modules
    and never get to the software part.