Date: Wed, 24 Sep 2003 11:11:20 -0500
From: "Micheal Patterson" <micheal@tsgincorporated.com>
To: <freebsd-questions@freebsd.org>
Subject: Re: A question about host...
Message-ID: <003a01c382b6$80ff9c80$4df24243@tsgincorporated.com>
References: <3F71A16A.70903@magidesign.com> <20030924154643.GD30190@freebie.freebsd.org>

----- Original Message -----
From: "Armand Passelac" <apasselac@free.fr>
To: "Payne" <payne@magidesign.com>
Cc: <freebsd-questions@freebsd.org>
Sent: Wednesday, September 24, 2003 10:46 AM
Subject: Re: A question about host...

> [---- On Wed, 24 Sep, 2003 at 9:51, Payne wrote: ----]
> > Hi,
> >
> > I am wanting to use host.allow and host.deny to make my box more secure.
> > Is there a site that can explain how to use them.
>
> If I remember well :
>
> The lib libwrap.a corresponds to the famous name "tcp_wrappers".
> This lib is designed to secure the access of some network services : xinetd,sshd,portmap, ...
>
> Syntax of hosts_access files :
> service:host
>
> examples :
> # Manage ALL tcp_wrapped services for the source address 192.168.1.2
> ALL: 192.168.1.2
> # Manage the pop3 service for the source address corresponding to the name my.computer.fr
> pop3d: my.computer.fr
>
> You can specify multiple services with the comma (pop3d, in.telnetd)
> There is also the tag EXCEPT to specify an exception :
> ALL: EXCEPT 173.22.7.9
>
> Order of reading :
> The tcp_wrapped network service will read before the hosts.allow and AFTER the hosts.deny.
> The current advice is to put the ALL:ALL in the hosts.deny
>
>
> I hope it will help you.
>
>

Unless things have changed in the 5.x series, libwrap is integrated into inetd now (-w -W flags apply). Also, there is no need for a hosts.deny file as hosts.allow contains both allow and deny entries now. Just have the all:all:deny at the very bottom of hosts.allow. The default hosts.allow file gives examples of how to use the file for access control to various daemons / services.

--
Micheal Patterson
TSG Network Administration
405-917-0600

Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.
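
The rule-order point in the reply above, as an added example that is not part of the original message and is not libwrap's code: a simplified Python model of first-match evaluation over a single hosts.allow, showing why the final `ALL : ALL : deny` matters and why it must come last. The function names, sample rule sets and documentation-range addresses are constructed; the model assumes IPv4 clients and only the `allow`/`deny` options.

```python
# Simplified model of first-match evaluation for a FreeBSD-style hosts.allow.
# Handles only: ALL, exact addresses, "a.b.c." address prefixes, allow/deny.

def parse_rules(text):
    """Return a list of (daemons, clients, action) tuples from hosts.allow text."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue                           # malformed line, skipped in this model
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        # In hosts.allow a matching rule grants access unless it carries "deny".
        opts = [f.lower() for f in fields[2:]]
        rules.append((daemons, clients, "deny" if "deny" in opts else "allow"))
    return rules

def _matches(patterns, value):
    for p in patterns:
        if p.upper() == "ALL" or p == value:
            return True
        if p.endswith(".") and value.startswith(p):   # address prefix, e.g. "198.51.100."
            return True
    return False

def decide(rules, daemon, client_ip):
    """First matching rule wins; if nothing matches, access is granted."""
    for daemons, clients, action in rules:
        if _matches(daemons, daemon) and _matches(clients, client_ip):
            return action
    return "allow"

# Constructed sample rule sets.
WITH_FINAL_DENY = """\
sshd : 192.0.2.10 : allow
pop3d : 198.51.100. : allow
ALL : ALL : deny          # catch-all at the very bottom
"""
WITHOUT_FINAL_DENY = "sshd : 192.0.2.10 : allow\n"
DENY_FIRST = "ALL : ALL : deny\nsshd : 192.0.2.10 : allow\n"

if __name__ == "__main__":
    for name, text in [("with final deny", WITH_FINAL_DENY),
                       ("without final deny", WITHOUT_FINAL_DENY),
                       ("deny first", DENY_FIRST)]:
        r = parse_rules(text)
        print(name, decide(r, "sshd", "192.0.2.10"), decide(r, "sshd", "203.0.113.5"))
```

On a real system the same questions can be put to the wrapper library itself with `tcpdchk` and `tcpdmatch`, which ship with tcp_wrappers.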