Date:      Tue, 31 May 2005 16:55:40 +0200
From:      Ivan Voras <ivoras@fer.hr>
To:        Igor Robul <igorr@speechpro.com>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: IP Firewalling by DNS name
Message-ID:  <429C7AEC.6060807@fer.hr>
In-Reply-To: <429C791E.7020003@speechpro.com>
References:  <429C7804.8040709@fer.hr> <429C791E.7020003@speechpro.com>

Igor Robul wrote:
> Ivan Voras wrote:

>> What I need it for: I'd like to allow ssh logins only from a specific 
>> TLD (by reverse lookup...) - maybe there's another way?
> 
> /etc/hosts.allow
> man 5 hosts_access

How safe is it? As I understand it, sshd actually accepts connections 
prior to checking hosts.allow?

In hosts.allow, there's an example for sshd but it contains:

# Wrapping sshd(8) is not normally a good idea, but if you
# need to do it, here's how
#sshd : .evil.cracker.example.com : deny

Why is it not a good idea? :)



