Date: Mon, 15 Apr 1996 07:58:31 -0500 (CDT)
From: "John A. Perry"
To: Irvine Short
cc: questions@freebsd.org
Subject: Re: TCP Wrapper
In-Reply-To: <199604151134.NAA01080@pcmgate.pcm.co.za>
Sender: owner-questions@freebsd.org

On Mon, 15 Apr 1996, Irvine Short wrote:

> Date: Mon, 15 Apr 1996 13:38:24 +2
> From: Irvine Short
> To: questions@freebsd.org
> Subject: TCP Wrapper
>
> Hi All
>
> I have a problem with this.
>
> my hosts.allow has
>
> fingerd : LOCAL
> telnetd : LOCAL
>
> and my hosts.deny has:
>
> bash# cat hosts.deny
> ALL : ALL
>
> but I can still telnet in from anywhere.
>
> Any ideas?

Yes. I have mine working. It turns out that for some reason the hosts.deny file is not getting referenced. The answer is to put all the rules in the hosts.allow file. Here is an excerpt from mine that should help you.

    fingerd:ALL@ALL:banners /usr/local/etc/tcpd/finger.deny:DENY
    ftpd: ALL@ALL:ALLOW
    sshd: ALL@ALL:ALLOW
    ALL: ALL@ALL:DENY

You will notice that the additional tokens for ALLOW and DENY cause the correct action to take place. Please note that I un-commented the ALL: ALL@ALL:DENY on my system to show you the reference in case you attempt to try it on my system. I normally allow connections but will turn it off on certain occasions.

John Perry - KG5RG - perry@jpunix.com - PGP-encrypted e-mail welcome!

WWW - http://www.jpunix.com
PGP 2.62 key for perry@jpunix.com is on the keyservers.
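
The first-match evaluation of a hosts.allow file that uses the ALLOW and DENY tokens, as in the excerpt above, sketched as an added example (not part of the original message and not libwrap's code). It is a simplified model: the function names are hypothetical, only the ALL, LOCAL, .domain and exact-name client patterns are handled, no ident lookups are done, and escaped colons and IPv6 addresses are not parsed.

```python
"""Simplified model of first-match evaluation over hosts.allow rules that
carry ALLOW/DENY option tokens (constructed example, not libwrap itself)."""

# Constructed input: the four rules quoted in the message above.
RULES = """\
fingerd:ALL@ALL:banners /usr/local/etc/tcpd/finger.deny:DENY
ftpd: ALL@ALL:ALLOW
sshd: ALL@ALL:ALLOW
ALL: ALL@ALL:DENY
"""

def parse(text):
    """Yield (daemons, clients, options) for each non-comment rule line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            raise ValueError(f"malformed rule: {line!r}")
        daemons, clients = (f.replace(",", " ").split() for f in fields[:2])
        yield daemons, clients, fields[2:]

def host_matches(pattern, host):
    """Match one client pattern; a user part other than ALL never matches here."""
    user, sep, name = pattern.rpartition("@")
    if sep and user != "ALL":
        return False
    if name == "ALL":
        return True
    if name == "LOCAL":                      # LOCAL: host name without a dot
        return "." not in host
    if name.startswith("."):                 # .domain: suffix match
        return host.lower().endswith(name.lower())
    return name.lower() == host.lower()

def decide(rules_text, daemon, host):
    """Return (verdict, rule_number); (None, None) when no rule matches."""
    for n, (daemons, clients, options) in enumerate(parse(rules_text), 1):
        if not any(d in ("ALL", daemon) for d in daemons):
            continue
        if not any(host_matches(c, host) for c in clients):
            continue
        verdict = "ALLOW"                    # a matching hosts.allow rule grants by default
        for opt in options:                  # other options (banners ...) do not change it
            if opt.upper() in ("ALLOW", "DENY"):
                verdict = opt.upper()
        return verdict, n                    # first matching rule ends the search
    return None, None
```

With the excerpt's rules, `decide(RULES, "telnetd", "host.example.org")` falls through to the final catch-all and is denied, while the two `LOCAL` rules from the quoted question match no rule at all for a dotted host name.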