From owner-freebsd-stable Sun Feb 25 6:20: 3 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from salmon.maths.tcd.ie (salmon.maths.tcd.ie [134.226.81.11])
    by hub.freebsd.org (Postfix) with SMTP id B9E3B37B503
    for ; Sun, 25 Feb 2001 06:19:59 -0800 (PST)
    (envelope-from dwmalone@maths.tcd.ie)
Received: from lanczos.maths.tcd.ie by salmon.maths.tcd.ie with SMTP
    id ; 25 Feb 2001 14:19:59 +0000 (GMT)
Date: Sun, 25 Feb 2001 14:19:58 +0000
From: David Malone
To: Paul Schenkeveld
Cc: freebsd-stable@FreeBSD.ORG
Subject: Re: Blocking unresolvable IP addresses with tcpwrappers
Message-ID: <20010225141958.A30667@lanczos.maths.tcd.ie>
References: <20010225133500.A4927@psconsult.nl>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010225133500.A4927@psconsult.nl>; from paul@psconsult.nl on Sun, Feb 25, 2001 at 01:35:00PM +0100
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sun, Feb 25, 2001 at 01:35:00PM +0100, Paul Schenkeveld wrote:
> In /etc/hosts.allow my first entry is:
>
> # Prevent those with no reverse DNS from connecting.
> ALL : PARANOID : RFC931 20 : deny
>
> taken from the example. I still can connect to those services
> from a host whose IP address has no PTR record in DNS and the
> connection is still accepted.

I think you want UNKNOWN not PARANOID. UNKNOWN matches hosts which
have no DNS records, as far as I remember PARANOID matches hosts
which have DNS records, but for which the double lookup doesn't
match.

David.
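
The UNKNOWN/PARANOID distinction from the reply above, as an added example that is not part of the original message or of the tcp_wrappers source: a Python model of the double lookup, showing why a client with no PTR record is not matched by a PARANOID rule. The function names, DNS tables and addresses are constructed for illustration.

```python
# Added illustration: models how a tcp_wrappers-style double lookup labels a
# client, so the UNKNOWN and PARANOID wildcards can be compared side by side.
# All DNS data below is constructed sample data, not real records.

# Constructed reverse (PTR) records: address -> name
PTR = {
    "192.0.2.10": "good.example.com",
    "192.0.2.20": "spoofed.example.com",
    "192.0.2.30": "dangling.example.com",
}
# Constructed forward (A) records: name -> addresses
A = {
    "good.example.com": ["192.0.2.10"],
    "spoofed.example.com": ["198.51.100.7"],  # forward lookup disagrees
    # dangling.example.com has no forward record at all
}


def classify(addr, ptr=PTR, fwd=A):
    """Return the host name label for addr (hypothetical helper)."""
    name = ptr.get(addr)
    if name is None:
        return "unknown"   # no PTR record: the name cannot be determined
    if addr not in fwd.get(name, []):
        return "paranoid"  # PTR exists, but name -> address does not confirm it
    return name            # double lookup agrees: use the real name


def wildcard_matches(wildcard, addr):
    """True if the client wildcard UNKNOWN or PARANOID matches addr."""
    label = classify(addr)
    if wildcard == "UNKNOWN":
        return label == "unknown"
    if wildcard == "PARANOID":
        return label == "paranoid"
    raise ValueError("only UNKNOWN and PARANOID are modelled here")


if __name__ == "__main__":
    # 203.0.113.5 has no PTR record in the constructed table.
    for addr in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "203.0.113.5"):
        print(addr, classify(addr),
              "PARANOID" if wildcard_matches("PARANOID", addr) else "-",
              "UNKNOWN" if wildcard_matches("UNKNOWN", addr) else "-")
```
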