Date: Tue, 24 Aug 1999 13:28:59 -0400
From: Christopher Michaels <ChrisMic@clientlogic.com>
To: "'cjclark@home.com'" <cjclark@home.com>
Cc: "FreeBSD Questions (E-mail)" <questions@FreeBSD.org>
Subject: RE: Block port 21?
Message-ID: <6C37EE640B78D2118D2F00A0C90FCB4401105BDE@site2s1>

I read that man page and those 3 paragraphs and they can be misinterpreted
depending on how you read them. I am a bit confused.

I was basically asking if the following interpretation is correct?

1.
a. Check hosts.allow, allow access to any matching lines.
b. Check hosts.deny, deny access to any matching lines.
c. Allow access to anything not covered in the above 2 files.

I understood it to be the following...

2.
a. If hosts.allow exists, allow access to any matching lines, deny all others.
b. If hosts.deny exists, deny access to any matching lines, allow all others.
c. If neither exists, allow all access.

Thanks,
-Chris

> -----Original Message-----
> From: Crist J. Clark [SMTP:cjc@cc942873-a.ewndsr1.nj.home.com]
> Sent: Tuesday, August 24, 1999 12:51 PM
> To: ChrisMic@clientlogic.com
> Subject: Re: Block port 21?
>
> Christopher Michaels wrote,
> > Is ftpd compiled with the tcp wrappers? And if so, could he just put allow
> > and deny rules in his /etc/hosts.allow and /etc/hosts.deny files.
>
> Not exactly sure about this. Do daemons need TCP wrapper support
> compiled in? I thought tcpd did all the work for them. I do not see
> mention of wrappers in /usr/src/libexec/ftpd/Makefile.
>
> > On a similar note, can someone explain to me exactly how these work, am I
> > supposed to have one or both?
>
> man 5 hosts_access
>
> > Because I couldn't get my machine to deny service to anything not in
> > hosts.allow until I explicitly denied access to everything in
> > hosts.deny.
>
> Very near the beginning of the above manpage,
>
> ACCESS CONTROL FILES
>        The access control software consults two files. The search
>        stops at the first match:
>
>        o      Access will be granted when a (daemon,client) pair
>               matches an entry in the /etc/hosts.allow file.
>
>        o      Otherwise, access will be denied when a (daemon,client)
>               pair matches an entry in the /etc/hosts.deny file.
>
>        o      Otherwise, access will be granted.
>               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>        A non-existing access control file is treated as if it
>        were an empty file. Thus, access control can be turned off
>        by providing no access control files.
>
> HTH.
> --
> Crist J. Clark cjclark@home.com
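
Added example, not part of the original message and not libwrap's code: a simplified Python model of the three-step decision order in the quoted hosts_access(5) excerpt, showing why an entry in hosts.allow restricts nothing until hosts.deny contains a matching deny rule. The sample file contents and addresses are constructed, and only the ALL wildcard, exact strings and trailing-dot address prefixes are modelled.

```python
# Added illustration: a simplified model of the decision order in the quoted
# hosts_access(5) excerpt. Not libwrap code. Only the ALL wildcard, exact
# strings and trailing-dot address prefixes are modelled.

def parse_rules(text):
    """Parse 'daemon_list : client_list' lines. A missing file is ''."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        fields = line.split(":")
        rules.append((split_list(fields[0]), split_list(fields[1])))
    return rules

def split_list(field):
    """List elements are separated by blanks and/or commas."""
    return field.replace(",", " ").split()

def item_matches(pattern, value):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):      # address prefix such as "192.0.2."
        return value.startswith(pattern)
    return pattern == value

def table_matches(rules, daemon, client):
    return any(
        any(item_matches(d, daemon) for d in daemons)
        and any(item_matches(c, client) for c in clients)
        for daemons, clients in rules
    )

def decide(allow_text, deny_text, daemon, client):
    if table_matches(parse_rules(allow_text), daemon, client):
        return "allow"   # first bullet: matched in hosts.allow
    if table_matches(parse_rules(deny_text), daemon, client):
        return "deny"    # second bullet: matched in hosts.deny
    return "allow"       # third bullet: no match in either file

# Constructed sample files (documentation address ranges).
HOSTS_ALLOW = "ftpd: 192.0.2.\n"
DENY_MISSING = ""            # non-existing file behaves like an empty one
DENY_ALL = "ALL: ALL\n"

if __name__ == "__main__":
    for deny in (DENY_MISSING, DENY_ALL):
        for client in ("192.0.2.10", "198.51.100.7"):
            print(repr(deny), client, decide(HOSTS_ALLOW, deny, "ftpd", client))
```

With hosts.deny missing, the client outside 192.0.2. is still allowed; only the constructed `ALL: ALL` deny file turns hosts.allow into an allow-list.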
