Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 15 Apr 1996 07:58:31 -0500 (CDT)
From:      "John A. Perry" <perry@alpha.jpunix.com>
To:        Irvine Short <ishort@pcm.co.za>
Cc:        questions@freebsd.org
Subject:   Re: TCP Wrapper
Message-ID:  <Pine.BSF.3.91.960415075255.14707A-100000@alpha.jpunix.com>
In-Reply-To: <199604151134.NAA01080@pcmgate.pcm.co.za>
next in thread | previous in thread | raw e-mail | index | archive | help 
-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 15 Apr 1996, Irvine Short wrote:

> Date: Mon, 15 Apr 1996 13:38:24 +2
> From: Irvine Short <ishort@pcm.co.za>
> To: questions@freebsd.org
> Subject: TCP Wrapper
> 
> Hi All
> 
> I have a problem with this.
> 
> my hosts.allow has
> 
> fingerd         : LOCAL 
> telnetd         : LOCAL 
> 
> and my hosts.deny has:
> 
> bash# cat hosts.deny 
> ALL     :       ALL  
> 
> but I can still telnet in from anywhere.
> 
> Any ideas?

	Yes. I have mine working. It turns out that for some reason the
hosts.deny file is not getting referenced. The answer is to put all the
rules in the hosts.allow file. Here is an excerpt from mine that should
help you. 

fingerd:ALL@ALL:banners /usr/local/etc/tcpd/finger.deny:DENY
ftpd: ALL@ALL:ALLOW
sshd: ALL@ALL:ALLOW
ALL: ALL@ALL:DENY

	You will notice that the additional tokens for ALLOW and DENY
cause the correct action to take place. Please note that I un-commented
the ALL: ALL@ALL:DENY on my system to show you the reference in case you
attempt to try it on my system. I normally allow connections but will turn
it off on certain occasions. 

 John Perry - KG5RG - perry@jpunix.com -  PGP-encrypted e-mail welcome!
 WWW - http://www.jpunix.com
 PGP 2.62 key for perry@jpunix.com is on the keyservers.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by mkpgp2.0, a Pine/PGP interface.

iQCVAwUBMXJH71OTpEThrthvAQHCcgP/RICnhCERsNp4Mv9WBwrZZHNbZ7R5V4gU
a/SWLShTwrhsXB6YfIJUhWlCeOEbjI0rpstAF7fNP2o2YawteWuwVwguK8Mug1SG
V5EJ5xBdA21RWeXRo9LoV3tEIHkm/lms9vtveZfi4xUJg0+2/tk5pV/Y/xtRsq98
vmUYA/CYZW0=
=hadV
-----END PGP SIGNATURE-----

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.91.960415075255.14707A-100000>