Date: Mon, 26 Jun 2000 18:20:00 +0200 (CEST)
From: Christoph Kukulies <kuku@gilberto.physik.rwth-aachen.de>
To: questions@freebsd.org
Subject: tcpd / tcp_wrappers
Message-ID: <200006261620.SAA50336@gilberto.physik.rwth-aachen.de>

I'm having trouble with tcpd. I wanted to establish a bit more
protection, e.g. only allow ftpd. But when I remove only the line
ALL:ALL:ALLOW, ftpd doesn't work anymore, not even for localhost.

Would I be better off with firewall - ipfw?

#
# hosts.allow access control file for "tcp wrapped" applications.
# $FreeBSD: src/etc/hosts.allow,v 1.8 2000/02/17 04:52:23 jkh Exp $
#
# Start by allowing everything (this prevents the rest of the file
# from working, so remove it when you need protection).
# The rules here work on a "First match wins" basis.
#
ALL : ALL : allow

# Wrapping sshd(8) is not normally a good idea, but if you
# need to do it, here's how
#sshd : .evil.cracker.example.com : deny

# Prevent those with no reverse DNS from connecting.
#ALL : PARANOID : RFC931 20 : deny

# Allow anything from localhost
ALL : localhost : allow

# Provide a small amount of protection for ftpd
ftpd : localhost : allow
ftpd : ALL : allow

# You need to be clever with finger; do _not_ backfinger!! You can easily
# start a "finger war".
fingerd : ALL \
	: spawn (echo Finger. | \
	 /usr/bin/mail -s "tcpd\: %u@%h[%a] fingered me!" root) & \
	: deny

# The rest of the daemons are protected.
ALL : ALL \
	: severity auth.info \
	: twist /bin/echo "You are not welcome to use %H from %h."

---
--
Chris Christoph P. U. Kukulies kuku@gil.physik.rwth-aachen.de

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
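
The "first match wins" ordering that the comments in the posted hosts.allow describe, as an added example that is not part of the original message or of tcp_wrappers: a small evaluator run over the file's active rules, with and without the leading `ALL : ALL : allow`. It assumes a simplified matcher (ALL, exact names, leading-dot domain suffixes) and a constructed client name `host.example.org`; it does not model name resolution, PARANOID, or how tcpd derives the daemon name.

```python
import re

# Active rules from the posted hosts.allow, in file order (comments trimmed).
POSTED = r'''ALL : ALL : allow
ALL : localhost : allow
ftpd : localhost : allow
ftpd : ALL : allow
fingerd : ALL \
    : spawn (echo Finger. | \
      /usr/bin/mail -s "tcpd\: %u@%h[%a] fingered me!" root) & \
    : deny
ALL : ALL \
    : severity auth.info \
    : twist /bin/echo "You are not welcome to use %H from %h."
'''

def parse(text):
    """Return [(daemon_list, client_list, options)] in file order."""
    rules = []
    for line in text.replace("\\\n", " ").splitlines():  # join continuations
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Fields are ':'-separated; '\:' is an escaped colon inside a field.
        fields = [f.strip() for f in re.split(r"(?<!\\):", line)]
        rules.append((fields[0], fields[1], fields[2:]))
    return rules

def matches(pattern_list, name):
    # Simplified matcher (assumption): ALL, exact name, leading-dot suffix.
    for pat in pattern_list.replace(",", " ").split():
        if pat == "ALL" or pat == name or (pat.startswith(".") and name.endswith(pat)):
            return True
    return False

def decide(rules, daemon, client):
    """First match wins: return (matching rule head, verdict)."""
    for daemons, clients, options in rules:
        if matches(daemons, daemon) and matches(clients, client):
            # 'twist' replaces the daemon with another command, so the
            # requested service is refused just as with 'deny'.
            refused = any(o == "deny" or o.startswith("twist") for o in options)
            return f"{daemons} : {clients}", "deny" if refused else "allow"
    return None, "allow"  # real tcpd would go on to consult hosts.deny

WITH_CATCH_ALL = parse(POSTED)
WITHOUT_CATCH_ALL = WITH_CATCH_ALL[1:]  # first rule removed, as the file's comment advises

if __name__ == "__main__":
    for daemon in ("ftpd", "fingerd", "telnetd"):
        for name, rules in (("with", WITH_CATCH_ALL), ("without", WITHOUT_CATCH_ALL)):
            print(daemon, name, decide(rules, daemon, "host.example.org"))
```

On a host with tcp_wrappers installed, `tcpdmatch ftpd localhost` puts the same question to the real access-control code, including the name lookups this sketch leaves out.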