Date:      Mon, 26 Jun 2000 18:20:00 +0200 (CEST)
From:      Christoph Kukulies <kuku@gilberto.physik.rwth-aachen.de>
To:        questions@freebsd.org
Subject:   tcpd / tcp_wrappers
Message-ID:  <200006261620.SAA50336@gilberto.physik.rwth-aachen.de>

I'm having trouble with tcpd. I wanted to establish a bit
more protection, e.g. only allow ftpd. But when I remove only
the line ALL:ALL:ALLOW, ftpd doesn't work anymore, not even for localhost.

Would I be better off with a firewall - ipfw?


# hosts.allow access control file for "tcp wrapped" applications.
# $FreeBSD: src/etc/hosts.allow,v 1.8 2000/02/17 04:52:23 jkh Exp $
#
# Start by allowing everything (this prevents the rest of the file
# from working, so remove it when you need protection).
# The rules here work on a "First match wins" basis.
# ALL : ALL : allow

# Wrapping sshd(8) is not normally a good idea, but if you
# need to do it, here's how
#sshd : .evil.cracker.example.com : deny

# Prevent those with no reverse DNS from connecting.
#ALL : PARANOID : RFC931 20 : deny

# Allow anything from localhost
ALL : localhost : allow

# Provide a small amount of protection for ftpd
ftpd : localhost : allow
ftpd : ALL : allow
# You need to be clever with finger; do _not_ backfinger!! You can easily
# start a "finger war".
fingerd : ALL \
        : spawn (echo Finger. | \
         /usr/bin/mail -s "tcpd\: %u@%h[%a] fingered me!" root) & \
        : deny

# The rest of the daemons are protected.
ALL : ALL \
        : severity auth.info \
        : twist /bin/echo "You are not welcome to use %H from %h."
---

-- 
Chris Christoph P. U. Kukulies kuku@gil.physik.rwth-aachen.de
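
How the "first match wins" evaluation of the file above plays out, as an added example that is not part of the original message or of tcp_wrappers itself: a simplified Python model that handles only ALL, exact names and leading-dot domains, and takes the client name as given with no DNS lookup. The client host client.example.org and the process name in.ftpd are constructed for illustration.

```python
import re

# Active rules from the posted hosts.allow, with "ALL : ALL : allow" commented out.
HOSTS_ALLOW = r'''
# ALL : ALL : allow
ALL : localhost : allow
ftpd : localhost : allow
ftpd : ALL : allow
fingerd : ALL \
        : spawn (echo Finger. | \
         /usr/bin/mail -s "tcpd\: %u@%h[%a] fingered me!" root) & \
        : deny
ALL : ALL \
        : severity auth.info \
        : twist /bin/echo "You are not welcome to use %H from %h."
'''

def parse_rules(text):
    """Join backslash continuations, skip comments, split fields on unescaped ':'."""
    rules = []
    for line in re.sub(r'\\\n', ' ', text).splitlines():
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        fields = [f.strip() for f in re.split(r'(?<!\\):', line)]
        daemons, clients = (re.split(r'[\s,]+', f) for f in fields[:2])
        rules.append((daemons, clients, fields[2:]))
    return rules

def matches(patterns, name):
    """Simplified matching: ALL, exact name, or leading-dot domain suffix."""
    name = name.lower()
    return any(p == 'ALL' or p.lower() == name or
               (p.startswith('.') and name.endswith(p.lower())) for p in patterns)

def decide(rules, daemon, client):
    """Return (verdict, rule number) for the first rule matching daemon and client."""
    for n, (daemons, clients, options) in enumerate(rules, 1):
        if matches(daemons, daemon) and matches(clients, client):
            words = [o.split()[0] for o in options if o]
            verdict = 'deny' if 'deny' in words else 'twist' if 'twist' in words else 'allow'
            return verdict, n
    return 'no match', None

RULES = parse_rules(HOSTS_ALLOW)
if __name__ == '__main__':
    # Constructed queries; "in.ftpd" is a hypothetical process name.
    for d, c in [('ftpd', 'localhost'), ('ftpd', 'client.example.org'),
                 ('fingerd', 'client.example.org'), ('telnetd', 'client.example.org'),
                 ('in.ftpd', 'client.example.org')]:
        print(d, c, decide(RULES, d, c))
```

Daemon names are compared against the server's process name, so a rule written for ftpd does not cover a differently named binary, which then falls through to the final ALL : ALL rule.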
