
Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default



On Wed, Apr 18, 2001 at 11:25:23PM -0700, Adam McKenna wrote:
> I think that the main point people are missing here is that in order
> for PARANOID to be anything other than an annoyance, it MUST co-exist
> with hostname-based rules.

no, it performs a useful function when it's the only rule in
/etc/hosts.{allow,deny}

not a hugely useful function, but useful nonetheless.

> What does PARANOID buy on a host that has no other access rules?

by itself, it's effectively "allow connections from anywhere except from
clients playing silly-buggers with their .in-addr.arpa PTR records"


> So we can be pedantic and enforce "correct" DNS configuration?  That's
> a bullshit reason.

it's not why we're doing it, but it's not a bad reason all the same.

craig

--
craig sanders <cas@taz.net.au>

      GnuPG Key: 1024D/CD5626F0 
Key fingerprint: 9674 7EE2 4AC6 F5EF 3C57  52C3 EC32 6810 CD56 26F0
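
The name/address consistency check behind PARANOID, modelled as an added example (it is not part of the original message and is not tcp_wrappers code). The DNS tables and the names `classify` and `allowed_by_lone_paranoid_rule` are constructed for illustration, and a client with no PTR record is treated as unknown rather than paranoid, following the wildcard descriptions in hosts_access(5).

```python
"""Simplified model of the double lookup behind the PARANOID wildcard."""

# Constructed DNS data (documentation address ranges, example domains).
PTR = {
    "192.0.2.10": "mail.example.org",
    "198.51.100.7": "trusted.example.com",  # PTR is set by whoever runs the reverse zone
    "192.0.2.55": "ghost.example.net",      # PTR names a host with no A record
}
A = {
    "mail.example.org": ["192.0.2.10", "192.0.2.11"],
    "trusted.example.com": ["203.0.113.5"],  # the genuine host lives elsewhere
}


def classify(addr, reverse=PTR.get, forward=lambda name: A.get(name, [])):
    """Return the verified hostname, "unknown", or "paranoid" for a client address.

    reverse(addr) -> name or None   (PTR lookup)
    forward(name) -> list of addrs  (A lookup)
    """
    name = reverse(addr)
    if name is None:
        return "unknown"    # no PTR at all: there is no name to contradict
    if addr in forward(name):
        return name         # forward lookup confirms the reverse lookup
    return "paranoid"       # PTR claims a name that does not map back


def allowed_by_lone_paranoid_rule(addr, **resolvers):
    """Effect of "ALL: PARANOID" as the only rule in /etc/hosts.deny."""
    return classify(addr, **resolvers) != "paranoid"


def report(addrs):
    """Map each address to (classification, allowed?)."""
    return {a: (classify(a), allowed_by_lone_paranoid_rule(a)) for a in addrs}


if __name__ == "__main__":
    sample = ["192.0.2.10", "198.51.100.7", "192.0.2.55", "203.0.113.99"]
    for addr, (name, ok) in report(sample).items():
        print(f"{addr:15} {name:20} {'allow' if ok else 'deny'}")
```

The second sample address shows why the check matters once hostname-based rules exist: without it, a rule naming trusted.example.com would be evaluated against a name taken from the PTR record alone.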


