
Re: /etc/host.deny and co



Thank you very much!

Another question if you don't mind?

Someone mentioned ipfwadm. What do you think about it, how does it
compare to tcpwrapper? Does one have to recompile the kernel to use ipfwadm?


Thanks again

--
Linh Dang

Daniel Martin wrote:
> 
> Linh Dang <Linh.Dang.linhd@nt.com> writes:
> 
> > Hi
> >
> > I want to deny telnet, ftp and smtp connection from ANY other sites.
> > But I want to accept http connection, pull down pop3, imap and
> > send out mail (smtp).
> >
> > How do I setup /etc/host.deny, /etc/host.allow and CO. I will RTFM
> > but since security is so important (that why I choose Debian) I'd like
> > to hear all the tips, tricks and know all traps, pitfalls...
> 
> Well, /etc/hosts.allow and hosts.deny doesn't affect sending out mail,
> or http connections (since apache isn't run with tcpwrappers).  Also,
> pulling down pop3 and imap just means that your machine has to accept
> mail coming from localhost.
> 
> Here's what I'd recommend for /etc/hosts.allow:
> # Some comments
> ALL: ALL@127.0.
> 
> And for /etc/hosts.deny:
> # Some comments
> ALL: ALL@ALL
> 
> This will allow connections from anyone with an IP address beginning
> with "127.0." - this should be only localhost, and although people
> outside your machine can fake individual inbound packets with this IP
> address, they can't actually establish a connection this way, because
> of the dialog that needs to happen to initiate a connection.  Any
> other connections will be denied.
> 
> If you want to monitor who's trying to do what, you could do what I do
> in my hosts.deny:
> ALL: ALL@ALL : rfc931 : spawn ((echo %c %a contacting %d; /bin/netstat --inet -n; echo traceroute -p 31434 %a) > /tmp/watch.$$ 2>&1)
> 
> Of course, then you have to periodically go and look at those files...
> 
> Hmmm - I see someone wanted to talk to nmbd on Sunday; I wish I'd
> noticed at the time...
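The evaluation order behind the two files recommended above (first match in hosts.allow grants, otherwise first match in hosts.deny refuses, otherwise access is permitted) is what makes the `ALL: ALL@ALL` line in hosts.deny essential: without it, anything not listed in hosts.allow gets in. The following is an added example, written for this archive page and not code from either poster or from the tcpd package. It is a toy Python evaluator of that ordering, covering only the hosts_access(5) syntax that appears in the thread (`ALL`, address prefixes ending in `.`, `user@host` client patterns); the sample file contents and client addresses are constructed, and option fields such as `rfc931` and `spawn` are parsed but ignored.

```python
"""Toy hosts.allow / hosts.deny evaluator (added example, not the tcpd implementation).

Models the subset of hosts_access(5) used in the thread:
  - daemon_list : client_list [: options...]
  - ALL wildcard, address prefixes ending in '.', and user@host client patterns.
Option fields (rfc931, spawn ...) are ignored here.
"""

from dataclasses import dataclass

# Constructed sample files mirroring the rules recommended in the post.
HOSTS_ALLOW = """
# Some comments
ALL: ALL@127.0.
"""

HOSTS_DENY = """
# Some comments
ALL: ALL@ALL
"""

# The monitoring variant from the post, minus the spawn command, to show that
# trailing option fields do not change the match itself (hypothetical sample).
HOSTS_DENY_WITH_OPTIONS = "ALL: ALL@ALL : rfc931 : severity auth.info\n"


@dataclass(frozen=True)
class Rule:
    daemons: tuple  # patterns matched against the server process name
    clients: tuple  # patterns matched against the client


def parse_rules(text):
    """Parse rule lines; '#' comments and blank lines are skipped."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            raise ValueError(f"malformed rule: {raw!r}")
        rules.append(Rule(tuple(fields[0].split()), tuple(fields[1].split())))
    return rules


def host_matches(pattern, address):
    """ALL matches anything; a pattern ending in '.' is an address prefix."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):
        return address.startswith(pattern)
    return pattern == address


def client_matches(pattern, address, user):
    """user@host: the user part is checked against the RFC 931 identity."""
    if "@" in pattern:
        user_pat, host_pat = pattern.split("@", 1)
        return (user_pat == "ALL" or user_pat == user) and host_matches(host_pat, address)
    return host_matches(pattern, address)


def rule_matches(rule, daemon, address, user):
    return any(d == "ALL" or d == daemon for d in rule.daemons) and any(
        client_matches(c, address, user) for c in rule.clients
    )


def access_decision(daemon, address, allow_text, deny_text, user="unknown"):
    """hosts_access(5) order: allow file first, then deny file, else permit."""
    for rule in parse_rules(allow_text):
        if rule_matches(rule, daemon, address, user):
            return "allow"
    for rule in parse_rules(deny_text):
        if rule_matches(rule, daemon, address, user):
            return "deny"
    return "allow"  # no rule matched: tcpwrappers permits by default


if __name__ == "__main__":
    for addr in ("127.0.0.1", "127.1.0.1", "192.0.2.10"):
        print(addr, access_decision("in.telnetd", addr, HOSTS_ALLOW, HOSTS_DENY))
    # The pitfall: an empty hosts.deny lets every unlisted client through.
    print("192.0.2.10 with empty hosts.deny:",
          access_decision("in.telnetd", "192.0.2.10", HOSTS_ALLOW, ""))
```

Note that `127.1.0.1` is refused even though it is a loopback address, because the prefix pattern is literally `127.0.`; the evaluator reproduces that textual semantics rather than anything network-aware, which is also how the real library treats such patterns.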

