Date:      Sun, 25 Feb 2001 14:19:58 +0000
From:      David Malone <dwmalone@maths.tcd.ie>
To:        Paul Schenkeveld <paul@psconsult.nl>
Cc:        freebsd-stable@FreeBSD.ORG
Subject:   Re: Blocking unresolvable IP addresses with tcpwrappers
Message-ID:  <20010225141958.A30667@lanczos.maths.tcd.ie>
In-Reply-To: <20010225133500.A4927@psconsult.nl>; from paul@psconsult.nl on Sun, Feb 25, 2001 at 01:35:00PM +0100
References:  <20010225133500.A4927@psconsult.nl>

On Sun, Feb 25, 2001 at 01:35:00PM +0100, Paul Schenkeveld wrote:
> In /etc/hosts.allow my first entry is:
> 
>     # Prevent those with no reverse DNS from connecting.
>     ALL : PARANOID : RFC931 20 : deny
> 
> taken from the example.  I still can connect to those services
> from a host whose IP address has no PTR record in DNS and the
> connection is still accepted.

I think you want UNKNOWN, not PARANOID. UNKNOWN matches hosts which
have no DNS records; as far as I remember, PARANOID matches hosts
which have DNS records, but for which the double lookup doesn't
match.

	David.
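
Added example (not part of the original message, and not tcp_wrappers code): a Python sketch of the double lookup described in the reply, showing which clients come out as UNKNOWN and which as PARANOID. The helper names, host names, addresses and DNS tables are constructed, and treating a failed forward lookup as a mismatch is an assumption.

```python
import socket

# Constructed sample DNS data (documentation address ranges, example names).
PTR = {"192.0.2.10": "good.example.org",
       "192.0.2.20": "spoofed.example.org",
       "192.0.2.30": "dangling.example.org"}   # 192.0.2.40 has no PTR record
A = {"good.example.org": ["192.0.2.10"],
     "spoofed.example.org": ["198.51.100.7"]}  # dangling.example.org has no A record


def fake_reverse(ip):
    """Offline stand-in for socket.gethostbyaddr, backed by PTR."""
    if ip not in PTR:
        raise socket.herror(1, "Unknown host")
    return (PTR[ip], [], [ip])


def fake_forward(name):
    """Offline stand-in for socket.gethostbyname_ex, backed by A."""
    if name not in A:
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
    return (name, [], A[name])


def classify_client(ip, reverse=socket.gethostbyaddr, forward=socket.gethostbyname_ex):
    """Return 'UNKNOWN', 'PARANOID', or the host name that passed the double lookup."""
    try:
        name = reverse(ip)[0]            # address -> name (PTR)
    except OSError:                      # herror/gaierror: no reverse DNS at all
        return "UNKNOWN"
    try:
        addrs = forward(name)[2]         # name -> addresses (IPv4 only)
    except OSError:
        return "PARANOID"                # assumption: unverifiable name counts as a mismatch
    return name if ip in addrs else "PARANOID"


def denied_by(pattern, ip):
    """Would a deny rule whose client pattern is `pattern` stop this address?"""
    return classify_client(ip, fake_reverse, fake_forward) == pattern


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40"):
        print(ip, classify_client(ip, fake_reverse, fake_forward))
```

Calling classify_client(ip) without the fake resolvers runs the same check against the system resolver.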
