Date: Tue, 21 Sep 1999 00:46:31 -0700
From: "Robert Sowders" <rsowders@usgs.gov>
To: freebsd-questions@FreeBSD.ORG, abrandt@globalcenter.net
Subject: Re: Tcp Wrappers
Message-ID: <s7e6d587.098@usgs.gov>

Have you taken a look at the /etc/hosts.allow?
It really is commented pretty well, but if you're still
having problems take a look at
http://www.dvl-software.com/freebsd/tcpwrapper.htm#output

Next Question:
You do know that in 3.2 tcp_wrappers is there by default?
You do not need to install it. Just configure the
/etc/hosts.allow
check man hosts_access(5) and man hosts_options(5)
There is only a short blurb in man inetd about it being wrapped.
Now every program started by inetd is or can be wrapped and
controlled from one conf file in /etc

Next Question:
Did you check the Makefile for ssh to ensure that it was compiled
with libwrap? This will need to happen if you're
going to use tcp_wrappers to limit access to ssh.

I know I didn't give you a step by step, but I really can't with the
info provided and you and everyone else may learn more than
you need by looking at the info supplied.

Here is what is in my /etc/hosts.allow for ssh

    sshd : evil.cracker.example.com : deny

This will deny ssh connections from evil.cracker.example.com and
allow connections from everyone else. Simple eh.
This is assuming that your sshd was compiled with libwrap.

Remember the hosts.allow file is read from the top down
so if you ALL : deny then it will stop there, read no further
and disallow the connection.

If you really want to revert back to the tcpd way then you could
install ssh and rename the /etc/hosts.allow
redo your inetd.conf to include the tcpd for each service, then use
/usr/local/etc/hosts.allow and deny again. But it's not a clean
way to do it and there might be problems that I'm not aware of.

Give the right way a chance and it should work for you.

Hope this helps.

############################################
"if...you can't be a good example,
then you'll just have to be a horrible warning" - c. aird
############################################
"once you pull the pin,
mr. grenade is no longer your friend."
############################################

>>> Aaron Brandt <abrandt@globalcenter.net> 9/20/99 6:35:10 PM >>>
I am running 3.2 release, I have installed tcp wrappers and I cannot for
the life of me get it to work correctly. If I have

    all : all :allow

it allows anything, this is understood. If I have it commented out and have

    sshd : domain : allow
    sshd : domain@ : deny
    sshd : all : allow

it simply denies everyone. I have gone to all the tcp wrapper pages for
help and followed just about each one and no luck. Can you help or tell me
how to revert back to hosts.allow and hosts.deny?

Aaron..

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
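
The top-down, first-match reading of /etc/hosts.allow described in the reply above, as an added example that is not part of the original message and is not libwrap's code. It is a simplified model: the function names, the example.org hosts and the 192.0.2.x addresses are constructed for illustration, and it assumes nothing in hosts.deny matches.

```python
# Simplified model of first-match evaluation in /etc/hosts.allow using the
# hosts_options(5) form "daemon_list : client_list : allow|deny".
# Not libwrap: handles only ALL, exact names/addresses, ".domain" suffixes and
# "n.n." address prefixes (no EXCEPT, LOCAL, netmasks, user@host, IPv6).

def parse_rules(text):
    """Return [(lineno, daemons, clients, verdict)] in file order."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue  # malformed rule; skipped in this model
        options = [f.lower() for f in fields[2:]]
        verdict = "deny" if "deny" in options else "allow"
        rules.append((lineno, fields[0].replace(",", " ").split(),
                      fields[1].replace(",", " ").split(), verdict))
    return rules

def client_matches(pattern, name, addr):
    p = pattern.lower()
    if p == "all":
        return True
    if p.startswith("."):            # domain suffix, e.g. ".example.org"
        return name.lower().endswith(p)
    if p.endswith("."):              # address prefix, e.g. "192.0.2."
        return addr.startswith(p)
    return p in (name.lower(), addr)

def decide(text, daemon, name, addr):
    """Return (verdict, lineno) of the first matching rule."""
    for lineno, daemons, clients, verdict in parse_rules(text):
        if not any(d.lower() in ("all", daemon.lower()) for d in daemons):
            continue
        if any(client_matches(c, name, addr) for c in clients):
            return verdict, lineno   # evaluation stops at the first match
    # Assumption: nothing matches in hosts.deny either, so access is granted.
    return "allow", None

# Constructed rule sets; only REPLY_RULE is taken from the message.
REPLY_RULE = "sshd : evil.cracker.example.com : deny\n"
DENY_FIRST = "ALL : ALL : deny\nsshd : .example.org : allow\n"
ALLOW_FIRST = "sshd : .example.org : allow\nALL : ALL : deny\n"

if __name__ == "__main__":
    for label, rules in (("reply", REPLY_RULE), ("deny first", DENY_FIRST),
                         ("allow first", ALLOW_FIRST)):
        print(label, decide(rules, "sshd", "good.example.org", "192.0.2.10"))
```

On a live system, tcpdmatch(8) and tcpdchk(8) from the tcp_wrappers distribution evaluate and check the installed rule files themselves.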