Date:      Sun, 25 Feb 2001 13:35:00 +0100
From:      Paul Schenkeveld <paul@psconsult.nl>
To:        freebsd-stable@FreeBSD.ORG
Subject:   Blocking unresolvable IP addresses with tcpwrappers
Message-ID:  <20010225133500.A4927@psconsult.nl>

Hello,

I'm trying to block incoming connections from hosts whose IP
addresses do not resolve.  The services that need to be protected
are started from inetd which I started as 'inetd -wW -l'.

In /etc/hosts.allow my first entry is:

    # Prevent those with no reverse DNS from connecting.
    ALL : PARANOID : RFC931 20 : deny

taken from the example.  I still can connect to those services
from a host whose IP address has no PTR record in DNS and the
connection is still accepted.  I could not find documentation
about the PARANOID keyword in hosts_access(3) nor in
hosts_options(5) and it looks like the RFC931 option is not
related to DNS but to IDENT authentication.

Did I overlook some documentation?  Can somebody help me get
these services protected?  Any help is welcome.

BTW, I checked both with 3.5-RELEASE and with 4.2-STABLE (as of
Feb 18, 2001).

Thanks,

Paul Schenkeveld
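
Added example, not part of the original message and not tcp_wrappers code: hosts_access(5) defines the PARANOID wildcard as matching a host whose name does not match its address, and UNKNOWN as matching a host whose name or address is unknown. The Python model below applies those two definitions to constructed lookup tables (all addresses and names are made up; `classify` and `wildcard_matches` are hypothetical helpers), covering a verified host, a PTR/A mismatch, and an address with no PTR record.

```python
import socket

def dns_reverse(addr):
    """PTR lookup; None when the address has no reverse record."""
    try:
        return socket.gethostbyaddr(addr)[0]
    except OSError:
        return None

def dns_forward(name):
    """A lookup; empty list when the name does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def classify(addr, reverse=dns_reverse, forward=dns_forward):
    """Return the verified host name, or 'unknown' / 'paranoid'."""
    name = reverse(addr)
    if not name:
        return "unknown"      # no PTR record, so there is no name to cross-check
    if addr not in forward(name):
        return "paranoid"     # PTR name does not map back to the address
    return name

def wildcard_matches(wildcard, addr, **lookups):
    """Evaluate the PARANOID or UNKNOWN host wildcard for one client address."""
    state = classify(addr, **lookups)
    if wildcard == "PARANOID":
        return state == "paranoid"
    if wildcard == "UNKNOWN":
        return state == "unknown"
    raise ValueError("unsupported wildcard: " + wildcard)

# Constructed sample data (documentation address range, example names).
PTR = {"192.0.2.10": "good.example.org", "192.0.2.20": "spoof.example.org"}
A = {"good.example.org": ["192.0.2.10"], "spoof.example.org": ["192.0.2.99"]}
SAMPLE = {"reverse": PTR.get, "forward": lambda name: A.get(name, [])}

if __name__ == "__main__":
    for client in ("192.0.2.10", "192.0.2.20", "192.0.2.30"):
        print(client, classify(client, **SAMPLE),
              "PARANOID" if wildcard_matches("PARANOID", client, **SAMPLE) else "-",
              "UNKNOWN" if wildcard_matches("UNKNOWN", client, **SAMPLE) else "-")
```

Under these definitions the constructed client with no PTR record (192.0.2.30) is matched by UNKNOWN and not by PARANOID.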
