Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default

On Wed, Apr 18, 2001 at 11:25:23PM -0700, Adam McKenna wrote:
> I think that the main point people are missing here is that in order
> for PARANOID to be anything other than an annoyance, it MUST co-exist
> with hostname-based rules.

no, it performs a useful function when it's the only rule in
/etc/hosts.{allow,deny}

not a hugely useful function, but useful nonetheless.

> What does PARANOID buy on a host that has no other access rules?

by itself, it's effectively "allow connections from anywhere except from
clients playing silly-buggers with their .in-addr.arpa PTR records"

> So we can be pedantic and enforce "correct" DNS configuration? That's
> a bullshit reason.

it's not why we're doing it, but it's not a bad reason all the same.

craig
--
craig sanders <cas@taz.net.au>
GnuPG Key: 1024D/CD5626F0
Key fingerprint: 9674 7EE2 4AC6 F5EF 3C57 52C3 EC32 6810 CD56 26F0
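
The check that a lone "ALL: PARANOID" rule performs, sketched as an added example (not part of the original message and not tcp_wrappers' own code). It models the hosts_access(5) descriptions of PARANOID (name does not match address) and UNKNOWN (name not known); the function names, the injectable resolvers and the sample records are assumptions made for illustration.

```python
import ipaddress
import socket

def _ptr(addr):
    """Reverse lookup: address -> name, or None when no PTR record resolves."""
    try:
        return socket.gethostbyaddr(addr)[0]
    except OSError:
        return None

def _forward(name):
    """Forward lookup: name -> list of address strings (empty on failure)."""
    try:
        return [ai[4][0] for ai in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def classify(addr, ptr=_ptr, forward=_forward):
    """Return 'unknown', 'paranoid', or the verified hostname for a client address."""
    client = ipaddress.ip_address(addr)
    name = ptr(addr)
    if not name:
        return "unknown"  # no PTR at all: matched by UNKNOWN, not by PARANOID
    for candidate in forward(name):
        try:
            if ipaddress.ip_address(candidate) == client:
                return name.rstrip(".").lower()  # PTR name maps back to the client
        except ValueError:
            continue  # skip anything that is not a plain address
    return "paranoid"  # PTR claims a name that does not resolve back to the client

def denied_by_paranoid_only(addr, ptr=_ptr, forward=_forward):
    """True when hosts.deny containing only 'ALL: PARANOID' would refuse addr."""
    return classify(addr, ptr, forward) == "paranoid"

# Constructed sample records (documentation address ranges), not real DNS data.
SAMPLE_PTR = {
    "192.0.2.10": "mail.example.org",   # consistent PTR and A
    "192.0.2.66": "www.bank.example",   # PTR claims a name owned by someone else
}
SAMPLE_A = {"mail.example.org": ["192.0.2.10"], "www.bank.example": ["198.51.100.5"]}

def sample_forward(name):
    return SAMPLE_A.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.66", "192.0.2.99"):
        print(ip, classify(ip, SAMPLE_PTR.get, sample_forward))
```

Only the second sample address is refused; the address with no PTR record is classified as unknown and passes a PARANOID-only rule set.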