Date:      Thu, 4 Feb 1999 00:37:03 +0100
From:      "H. Eckert" <ripley@nostromo.in-berlin.de>
To:        security@FreeBSD.ORG
Subject:   Re: hosts.allow and deny!
Message-ID:  <19990204003703.F7397@nortobor.nostromo.in-berlin.de>
In-Reply-To: <36b7a502.193777517@mail.sentex.net>; from Mike Tancsa on Wed, Feb 03, 1999 at 01:32:25AM +0000
References:  <MAILPine.GSO.3.96.990202112911.8764A-100000@ai.asu.edu> <36b7a502.193777517@mail.sentex.net>

Quoting Mike Tancsa (mike@sentex.net):
> Then in /usr/local/etc/hosts.deny
> ALL:ALL 
> In /usr/local/etc/hosts.allow
> goodhost.com

I seem to remember that tcp_wrapper was configured slightly
differently but the manpage didn't reflect the change for the
newer version.
I didn't succeed at all with a hosts.deny but see my hosts.allow
below for my configuration.

I use it in combination with a firewalling rule:
ipfw add 2200 reset tcp from any to <my-ip> pop3 setup via ipi0

The result is that I can run qpopper on my machine without having
to worry about exploits.  It can be accessed from machines inside my
local net but not from outside and the machines in the inner net are
able to pop3 to foreign servers, too.  (The "ipi0" in the rule is my
outside interface, a dialup ISDN link)

====8<==== /usr/local/etc/hosts.allow ====
# Wed Oct  7 03:00:00 CEST 1998
popper	: LOCAL 10.175.		:	allow
popper	: ALL	:	deny
ALL	: ALL 


Greetings,
				Ripley
-- 
H. Eckert, 10777 Berlin, Germany, http://www.in-berlin.de/User/nostromo/
ISO 8859-1: Ä=Ae, Ö=Oe, Ü=Ue, ä=ae, ö=oe, ü=ue, ß=sz.
"(Technobabble)" (Jetrel) - "Do we really have to listen to this
nonsense?" (Neelix)
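
The hosts.allow in the message above relies on rules being checked top to bottom with the first match deciding. The following is an added example, not part of the original message and not tcp_wrappers code: a simplified Python model of that evaluation for the option-style syntax shown. The function names (`parse`, `pattern_matches`, `decide`) are hypothetical, and the client addresses and host names used with it are constructed.

```python
# Simplified model of first-match evaluation for an option-style hosts.allow.
# Added illustration only; not taken from tcp_wrappers.

RULES = """\
# constructed copy of the three rules quoted in the message
popper : LOCAL 10.175. : allow
popper : ALL : deny
ALL : ALL
"""

def parse(text):
    """Turn rule lines into (daemon_list, client_list, verdict) tuples."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        daemons, clients = fields[0].split(), fields[1].split()
        # A matching hosts.allow rule grants access unless it carries "deny".
        verdict = "deny" if "deny" in fields[2:] else "allow"
        rules.append((daemons, clients, verdict))
    return rules

def pattern_matches(pat, name, addr):
    """Match one client pattern against a resolved name and an address."""
    if pat == "ALL":
        return True
    if pat == "LOCAL":                 # host name without a dot
        return name is not None and "." not in name
    if pat.endswith("."):              # address prefix such as "10.175."
        return addr.startswith(pat)
    if pat.startswith("."):            # domain suffix such as ".example.org"
        return name is not None and name.endswith(pat)
    return pat in (name, addr)

def decide(rules, daemon, addr, name=None):
    """Return 'allow' or 'deny' for a connection to `daemon`."""
    for daemons, clients, verdict in rules:
        if not any(d in ("ALL", daemon) for d in daemons):
            continue
        if any(pattern_matches(c, name, addr) for c in clients):
            return verdict             # first match wins; later rules are skipped
    return "allow"                     # nothing matched in this single-file model
```

Moving the `ALL : ALL` line to the top would make it match popper connections first, so the two popper rules would never be consulted.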
