Cito Maramba wrote:
> On Wed, 16 Aug 2000, dwen wrote:
> >
> >
> > Using tcp wrappers how would i deny a single IP from accessing my
> > pop3 server assuming i have already an entry in /etc/hosts.allow
> > with the line : in.ipop3d 0.0.0.0/0.0.0.0
> >
> >
> >
>
> change the line in hosts.allow to
>
> in.ipop3d : ALL EXCEPT IP.YOU.WANNA.BLOCK
>
> then as added insurance you can have the following in hosts.deny
>
> in.ipop3d : IP.YOU.WANNA.BLOCK
>
> (goes without saying that you replace IP.YOU.WANNA.BLOCK with the correct
> IP address)
>
this is depends on your policy if you want to allow the client to access your pop3
service outside or inside or both of your network segment. if both, cito's line is
correct. if not, just replace the word ALL into more specific address.
on the safe side, always allow all you want to allow inside host.allow and block
everything inside hosts.deny. for example:
/etc/hosts.allow
daemon: allow_address [except disallow_address]
/etc/hosts.deny
ALL:ALL
the search rule there is that, hosts.allow will be search first and if found, it
will stop the search pattern and granted to pass thru. if not, hosts.deny the next
to be search. if it still found nothing, it will allow to pass thru. since
hosts.deny contains all:all, it will surely deny all kinds of daemons in case you
forgot to declare inside hosts.allow.
fooler.
-
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
