From: Paul Schenkeveld
To: freebsd-stable@FreeBSD.ORG
Date: Sun, 25 Feb 2001 13:35:00 +0100
Subject: Blocking unresolvable IP addresses with tcpwrappers
Message-ID: <20010225133500.A4927@psconsult.nl>

Hello,

I'm trying to block incoming connections from hosts whose IP addresses
do not resolve. The services that need to be protected are started from
inetd which I started as 'inetd -wW -l'.

In /etc/hosts.allow my first entry is:

    # Prevent those with no reverse DNS from connecting.
    ALL : PARANOID : RFC931 20 : deny

taken from the example.

I still can connect to those services from a host whose IP address has
no PTR record in DNS and the connection is still accepted.

I could not find documentation about the PARANOID keyword in
hosts_access(3) nor in hosts_options(5) and it looks like the RFC931
option is not related to DNS but to IDENT authentication.

Did I overlook some documentation? Can somebody help me get these
services protected?

Any help is welcome.

BTW. I checked both with 3.5-RELEASE and with 4.2-STABLE (as of Feb 18,
2001).

Thanks,

Paul Schenkeveld
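An added example, not part of the original message: hosts_access(5) describes PARANOID as matching a host whose name does not match its address, and UNKNOWN as matching a host whose name or address is unknown. The sketch below classifies a client address along those lines with a forward-confirmed reverse lookup; the function names and the DNS records (documentation addresses, example.net names) are constructed for illustration.

```python
import socket

def _live_reverse(addr):
    """PTR lookup against the system resolver; None when there is no name."""
    try:
        return socket.gethostbyaddr(addr)[0]
    except (socket.herror, socket.gaierror):
        return None

def _live_forward(name):
    """Forward lookup; empty set when the name does not resolve."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def classify(addr, reverse=_live_reverse, forward=_live_forward):
    """Return the host name an access rule would be matched against:
    'unknown' (no PTR), 'paranoid' (name does not map back), else the name."""
    name = reverse(addr)
    if not name:
        return "unknown"
    if addr not in forward(name):
        return "paranoid"
    return name.lower()

def wildcard_matches(pattern, hostname):
    """Simplified matching for the two host wildcards discussed here."""
    if pattern == "PARANOID":
        return hostname == "paranoid"
    if pattern == "UNKNOWN":
        return hostname == "unknown"
    return False

# Constructed DNS data so the example runs offline.
PTR = {"192.0.2.10": "good.example.net", "192.0.2.20": "spoof.example.net"}
A = {"good.example.net": {"192.0.2.10"}, "spoof.example.net": {"192.0.2.99"}}

def sample_classify(addr):
    return classify(addr, PTR.get, lambda n: A.get(n, set()))

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30"):
        host = sample_classify(ip)
        print(ip, host,
              "PARANOID" if wildcard_matches("PARANOID", host) else "-",
              "UNKNOWN" if wildcard_matches("UNKNOWN", host) else "-")
```

In this model the address with no PTR record (192.0.2.30) is classified as unknown, so a PARANOID rule does not match it while an UNKNOWN rule does.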