Date:      Mon, 20 Jan 1997 14:19:56 -0500 (EST)
From:      spork <spork@super-g.com>
To:        Christian Hochhold <expert@dusk.net>
Cc:        freebsd-isp@freebsd.org
Subject:   Re: tcp_wrappers
Message-ID:  <Pine.BSF.3.95.970120141307.12624A-100000@super-g.inch.com>
In-Reply-To: <199701180109.VAA06835@eternal.dusk.net>

Just re-read the man page for tcpd, hosts_access (start here),
hosts_options, tcpdcheck, and tcpdmatch...  In hosts_access there are
examples of the format used and some clever implementations.  An example
for what you'd like to do would be:

in hosts.deny:

ALL: ALL

in hosts.allow:

ALL: .newark.nj.pub-ip.psi.net

This would allow anyone dialing into PSI's Newark POP to access ALL
wrapped services and disallow anyone else.  Note the use of "." instead of
"*".

Charles


On Fri, 17 Jan 1997, Christian Hochhold wrote:

> Evenin'
> 
> I have tcp wrappers running on my shell machine, with twist
> so it displays a nice message to any individual trying to
> connect who is not in the hosts.allow file.
> I've just found that hosts.allow doesn't like wildcards, as
> one of my clients is part of another major ISP, and instead
> of at least being able to just allow access to the pop where
> he dials into, I now have to allow ALL the ISP's POP's to
> connect.
> Obviously this is a risk, in order to allow one person to
> telnet in, I have to allow the whole nation to telnet in
> as well.
> 
> I've tried (as examples)
> 
> *@pop-prov*.isp.name
> pop*.isp.name
> pop-prov.isp.name
> 
> to no avail.  Does anyone have any suggestions / recommendations
> as to what one can do about this?
> 
> Thank You in advance,
> 
> Christian
> 
> 
> 




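The matching behaviour discussed in this thread, as an added example that is not part of the original messages or of the tcp_wrappers code: a simplified Python model of hosts_access(5) client matching, covering only ALL, leading-dot name suffixes, trailing-dot address prefixes and literal strings. The function names, host names and addresses are constructed for illustration, and treating "*" as a literal character is an assumption of this model that mirrors what the original poster reports.

```python
# Simplified model of hosts_access(5) client matching (added example).
# Subset only: no EXCEPT, netmasks, netgroups, LOCAL/KNOWN/PARANOID or options.

def pattern_matches(pattern, host, addr):
    p = pattern.lower()
    if p == "all":
        return True
    if p.startswith("."):        # ".psi.net" matches host names ending in it
        return host.lower().endswith(p)
    if p.endswith("."):          # "192.0.2." matches addresses starting with it
        return addr.startswith(p)
    # Anything else is compared literally; "*" has no special meaning here.
    return p in (host.lower(), addr)

def rule_matches(rule, daemon, host, addr):
    daemons, clients = (s.replace(",", " ").split() for s in rule.split(":", 1))
    daemon_ok = any(d.lower() in ("all", daemon.lower()) for d in daemons)
    return daemon_ok and any(pattern_matches(c, host, addr) for c in clients)

def access(allow_rules, deny_rules, daemon, host, addr):
    """hosts.allow is consulted first, then hosts.deny; no match grants access."""
    if any(rule_matches(r, daemon, host, addr) for r in allow_rules):
        return "allow"
    if any(rule_matches(r, daemon, host, addr) for r in deny_rules):
        return "deny"
    return "allow"

# Constructed sample data: every host name and address below is made up.
ALLOW = ["ALL: .newark.nj.pub-ip.psi.net"]
DENY = ["ALL: ALL"]
NEWARK = ("telnetd", "port12.newark.nj.pub-ip.psi.net", "192.0.2.12")
BOSTON = ("telnetd", "port40.boston.ma.pub-ip.psi.net", "192.0.2.140")
POP = ("telnetd", "pop-prov3.isp.name", "198.51.100.7")

def demo():
    return {
        "newark": access(ALLOW, DENY, *NEWARK),                 # suffix matches
        "boston": access(ALLOW, DENY, *BOSTON),                 # other POP, denied
        "star": access(["ALL: pop*.isp.name"], DENY, *POP),     # "*" is literal
        "no_deny_file": access(ALLOW, [], *BOSTON),             # default is allow
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:13} {verdict}")
```

The last case shows why the `ALL: ALL` line in hosts.deny matters: without it, a client that matches nothing in hosts.allow is still granted access.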