[---- On Wed, 24 Sep, 2003 at 11:11, Micheal Patterson wrote: ----] > >
Excuse me Payne, Michael is totaly *right* ! You can see the /etc/hosts.allow ... there is a lot of good examples for you. Thanks Michael for the updating of _my_old_ view ;-) Bye. > > > ----- Original Message ----- > From: "Armand Passelac" <[EMAIL PROTECTED]> > To: "Payne" <[EMAIL PROTECTED]> > Cc: <[EMAIL PROTECTED]> > Sent: Wednesday, September 24, 2003 10:46 AM > Subject: Re: A question about host... > > > > [---- On Wed, 24 Sep, 2003 at 9:51, Payne wrote: ----] > > > Hi, > > > > > > I am wanting to use host.allow and host.deny to make my box more secure. > > > Is there a site that can explain how to use them. > > > > If I remember well : > > > > The lib libwrap.a corresponds to the famous name "tcp_wrappers". > > This lib is designed to secure the access of some network services : > xinetd,sshd,portmap, ... > > > > Syntax of hosts_access files : > > service:host > > > > examples : > > # Manage ALL tcp_wrapped services for the source address 192.168.1.2 > > ALL: 192.168.1.2 > > # Manage the pop3 service for the source address corresponding to the name > my.computer.fr > > pop3d: my.computer.fr > > > > You can specify multiple services with the comma (pop3d, in.telnetd) > > There is also the tag EXCEPT to specify an exception : > > ALL: EXCEPT 220.127.116.11 > > > > Order of reading : > > The tcp_wrapped network service will read before the hosts.allow and AFTRE > the hosts.deny. > > The current advice is to put the ALL:ALL in the hosts.deny > > > > > > I hope it will help you. > > > > > > Unless things have changed in the 5.x series, libwrap is integrated into > inetd now (-w -W flags apply). Also, there is no need for a hosts.deny file > as hosts.allow contains both allow and deny entries now. Just have the > all:all:deny at the very bottom of hosts.allow. The default hosts.allow > file gives examples of how to use the file for access control to various > daemons / services. > > -- > > Micheal Patterson > TSG Network Administration > 405-917-0600 > > Confidentiality Notice: This e-mail message, including any attachments, is > for the sole use of the intended recipient(s) and may contain confidential > and privileged information. Any unauthorized review, use, disclosure or > distribution is prohibited. If you are not the intended recipient, please > contact the sender by reply e-mail and destroy all copies of the original > message. > > _______________________________________________ > [EMAIL PROTECTED] mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "[EMAIL PROTECTED]" [---- End of original mail from Micheal Patterson ----] -- "No guts No glory" =] PASSELAC Armand [= ( @ @ ) Ingenieur Systemes-Reseaux & Securite ORBYTES INGENIERIE _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"