From owner-freebsd-questions  Wed Aug 25  3: 9:25 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from cx344940-a.meta1.la.home.com (cx344940-a.meta1.la.home.com [24.6.21.74])
	by hub.freebsd.org (Postfix) with ESMTP id 08ED71595C
	for <freebsd-questions@FreeBSD.ORG>; Wed, 25 Aug 1999 03:09:22 -0700 (PDT)
	(envelope-from conrads@cx344940-a.meta1.la.home.com)
Received: (from conrads@localhost)
	by cx344940-a.meta1.la.home.com (8.9.3/8.9.2) id FAA13093;
	Wed, 25 Aug 1999 05:05:06 -0500 (CDT)
	(envelope-from conrads)
Message-ID: <XFMail.990825050506.conrads@home.com>
X-Mailer: XFMail 1.3 [p0] on FreeBSD
X-Priority: 3 (Normal)
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
In-Reply-To: <6C37EE640B78D2118D2F00A0C90FCB4401105BD7@site2s1>
Date: Wed, 25 Aug 1999 05:05:06 -0500 (CDT)
Organization: @Home Network
From: Conrad Sabatier <conrads@home.com>
To: Christopher Michaels <ChrisMic@clientlogic.com>
Subject: RE: Block port 21?
Cc: freebsd-questions@FreeBSD.ORG, andy0383@twcny.rr.com,
	"cjclark@home.com" <cjclark@home.com>
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


On 24-Aug-99 Christopher Michaels wrote:
> Is ftpd complied with the tcp wrappers?  And if so, could he just
> put allow and deny rules in his /etc/hosts.allow and
> /etc/hosts.deny files.
> 
> On a similar note, can someone explain to me exactly how these
> work, am I supposed to have one or both?

Hmm.  It depends.  In the latest STABLE sources, I see that
/etc/hosts.deny has been deprecated.  ALL rules should go into
/etc/hosts.allow now.

Of course, YMMV, depending on which version of FreeBSD you're running.

> Because I couldn't get my machine to deny service to anything not
> in hosts.allow until I explicitly denied access to everything in
> hosts.deny.

The rules work on a "first match wins" basis.  So, if you have a rule
that allows access before one that denies it to a host you want to
block, the host will be allowed anyway.

If you want to block anything, do be sure not to enable the rule at
the top of hosts.allow:

ALL : ALL : allow

This will cause anything that comes later to be ignored.

----------------------------------
E-Mail: Conrad Sabatier <conrads@home.com>
Date: 25-Aug-99
Time: 04:59:12

This message was sent by XFMail
----------------------------------


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message