Carlos Konstanski wrote: > > Only one correction: the bit about "hosts on your local network". /etc/hosts > and related files are not limited in their scope to local (LAN) hosts. You > can put any IP address/DNS name mapping you wish in /etc/hosts. And you can > block script kiddies in Asia, Russia, etc. by adding entries in > /etc/hosts.deny. > > The way to think of /etc/hosts is simply as a way to override all DNS > lookups for specified hostnames. /etc/hosts is always consulted first, and > if the information is found there, the real DNS server is never consulted.
Just in case someone runs into an unusual situation, here's a couple more details that could be useful. hosts.deny and host.allow only apply to programs that are linked with tcpwrappers(libwrap). Fortunately this is true of most, if not all network programs one might typically encounter. The order of name resolution is controlled by /etc/nsswitch.conf. The hosts: line could be altered to change the order of lookups or insert things like LDAP, NIS, etc. -- Galen Seitz [email protected] _______________________________________________ PLUG mailing list [email protected] http://lists.pdxlinux.org/mailman/listinfo/plug
