Date: Thu, 10 Jun 1999 15:14:55 -0700 (MST) From: Steve Grandi <grandi@noao.edu> To: freebsd-stable@freebsd.org Subject: amd and /etc/hosts.allow Message-ID: <Pine.LNX.4.10.9906101502220.29713-100000@mirfak.tuc.noao.edu>
next in thread | raw e-mail | index | archive | help
Ever since the "tcpwrapper enabled" tasks came into use in stable, I can't
get amd to work. If I do something like
cd /host/orion/u3
I am hung forever: no response at all to the keyboard. Ps shows an amd
process stuck in D state.
If I reboot and remove /etc/hosts.allow, and then do the cd command, it
works fine.
So what am I DENYing in /etc/hosts.allow that I need to ALLOW? Any hints in
tracking this down?
I'm running 3.2-STABLE cvsuped today.
Here is my /etc/hosts.allow:
#
# hosts.allow access control file for "tcp wrapped" apps.
# $Id: hosts.allow,v 1.2.2.2 1999/05/11 01:35:01 obrien Exp $
#
# NOTE: The hosts.deny file is not longer used. Instead, put both 'allow'
# and 'deny' rules in the hosts.allow file.
# see hosts_options(5) for the format of this file.
# hosts_access(5) no longer fully applies.
# This is an example! You will need to modify it for your specific
# requirements!
# Start by allowing everything (this prevents the rest of the file
# from working, so remove it when you need protection).
# The rules here work on a "First match wins" basis.
# ALL : ALL : allow
# Wrapping sshd(8) is not normally a good idea, but if you
# need to do it, here's how
#sshd : .evil.cracker.example.com : deny
# Prevent those with no reverse DNS from connecting.
#ALL : PARANOID : RFC931 20 : deny
# Allow anything from localhost and local networks
ALL: 127.0. : allow
ALL: 140.252. : allow
ALL : localhost : allow
ALL : noao.edu : allow
ALL : .noao.edu : allow
# Sendmail can help protect you against spammers and relay-rapers
#sendmail : localhost : allow
#sendmail : .nice.guy.example.com : allow
#sendmail : .evil.cracker.example.com : deny
sendmail : ALL : allow
# Portmapper is used for all RPC services; protect your NFS!
#portmap : localhost : allow
#portmap : .noao.edu : allow
#portmap : .evil.cracker.example.com : deny
portmap : ALL : allow
# Provide a small amount of protection for ftpd
#ftpd : localhost : allow
#ftpd : .nice.guy.example.com : allow
#ftpd : .evil.cracker.example.com : deny
ftpd : ALL : allow
# Block everything else
ALL : ALL : deny
# You need to be clever with finger; do _not_ backfinger!! You can easily
# start a "finger war".
#fingerd : ALL \
# : spawn (echo Finger. | \
# /usr/bin/mail -s "tcpd\: %u@%h[%a] fingered me!" root) & \
# : deny
# The rest of the daemons are protected. Backfinger and log by email.
#ALL : ALL \
# : severity auth.info : spawn (/usr/bin/finger -l @%h | \
# /usr/bin/mail -s "tcpd\: %u@%h[%a] tried to use %d (denied)" root) &
# \
# : twist /bin/echo "You are not welcome to use %d from %h."
Steve Grandi, National Optical Astronomy Observatories/AURA Inc., Tucson AZ USA
Internet: grandi@noao.edu Voice: +1 520 318-8228
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.10.9906101502220.29713-100000>