Another thing might be services which don't use TCP Wrappers like sshd compiled without the --with-libwrap option etc - these services won't care what's in the hosts.* files.
Regards, Marcin Pacyna -----Original Message----- From: Nathan [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 06, 2000 3:19 PM To: [EMAIL PROTECTED] Cc: debian-isp Subject: Re: hosts.deny PARANOID does not mean "anyone" it means anyone who the reverse DNS lookup fails on. Trty: hosts.allow: ALL: X.X.X.X (replace as needed ;) hosts.deny: ALL: ALL -Nathan On Wed, 6 Sep 2000 [EMAIL PROTECTED] wrote: > Hello ISPers, > I have a question re: security. > I my hosts.deny I have: > > # The PARANOID wildcard matches any host whose name does not match its > # address. > ALL: PARANOID > > Basically I am trying to deny all but one IP address to any service. Yet I > wanted to test it by trying to open a ssh session to the machine and I can > ssh in just fine. I was wondering what I was doing wrong in my > host.deny. I have nothing in my host.allow also. > > Any advice appriciated. > > D. Ghost > > 'space ghost and debian ghost are one' > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] ------------------------------------------------------------------------- This email server is running an evaluation copy of the MailShield anti- spam software. Please contact your email administrator if you have any questions about this message. MailShield product info: www.mailshield.com
