Date: Tue, 31 May 2005 16:55:40 +0200
From: Ivan Voras <ivoras@fer.hr>
To: Igor Robul <igorr@speechpro.com>
Cc: freebsd-stable@freebsd.org
Subject: Re: IP Firewalling by DNS name
Message-ID: <429C7AEC.6060807@fer.hr>
In-Reply-To: <429C791E.7020003@speechpro.com>
References: <429C7804.8040709@fer.hr> <429C791E.7020003@speechpro.com>

Igor Robul wrote:
> Ivan Voras wrote:
>> What I need it for: I'd like to allow ssh logins only from a specific
>> TLD (by reverse lookup...) - maybe there's another way?
>
> /etc/hosts.allow
> man 5 hosts_access

How safe is it? As I understand it, sshd actually accepts connections
prior to checking hosts.allow?

In hosts.allow, there's an example for sshd but it contains:

# Wrapping sshd(8) is not normally a good idea, but if you
# need to do it, here's how
#sshd : .evil.cracker.example.com : deny

Why is it not a good idea? :)