On Wed, Dec 29, 1999 at 08:47:18PM -0500, Carl Fink wrote:
> ALL: LOCAL 198.168.1.*
You don't want the trailing '*' there - the . does wildcard matching by
itself. I suspect you will find that "198.168.1.*" tries to match a host
by that name. Also, don't you mean to have your local network be in
192.168?
> Since my laptop is 198.168.0.2, this *shouldn't even work*. (I
> originally typoed the IP address and just noticed it while typing this
> message!) However, since adding that line to hosts.allow, suddenly my
> box is open *from any host anywhere*. I've just confirmed this by
> telnetting to my ISP's host and playing: my ftp, telnet, and SMTP
> ports are all open.
I don't think it's the fault of that line, though - the default is to
grant access unless it's denied.
> The only uncommented line in hosts.deny is
> ALL: PARANOID
> Surely that should be blocking anything not on my local LAN. What's
> up?
No. It only does a consistency check on the connecting host. From
hosts_access(5):
    PARANOID
        Matches any host whose name does not match its
        address. When tcpd is built with -DPARANOID
        (default mode), it drops requests from such clients
        even before looking at the access control tables.
        Build without -DPARANOID when you want more control
        over such requests.
To deny everything from everywhere, say "ALL: ALL".
--
Mark Brown mailto:broonie@tardis.ed.ac.uk (Trying to avoid grumpiness)
http://www.tardis.ed.ac.uk/~broonie/
EUFS http://www.eusa.ed.ac.uk/societies/filmsoc/
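
The decision order discussed in this message, as an added example that is not part of the original post: a simplified Python model of the hosts_access(5) lookup (hosts.allow first, then hosts.deny, otherwise grant). The client tuples, the daemon name and the literal handling of "198.168.1.*" are assumptions of the model; EXCEPT, net/mask, shell commands and the -DPARANOID pre-check are not modelled.

```python
# Simplified model of the hosts_access(5) decision order (added example).
# A client is a constructed tuple: (address, host name or None, name_matches_address).

def parse(text):
    """Turn 'daemons: clients' lines into (daemon_list, client_list) pairs."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pat, addr, name, name_ok):
    if pat == "ALL":
        return True
    if pat == "LOCAL":                 # host name containing no dot
        return bool(name) and "." not in name
    if pat == "PARANOID":              # name does not match its address
        return not name_ok
    if pat.endswith("."):              # trailing dot: address prefix match
        return addr.startswith(pat)
    if pat.startswith("."):            # leading dot: domain suffix match
        return bool(name) and name.endswith(pat)
    return pat in (addr, name)         # anything else: literal (model assumption)

def any_rule_matches(rules, daemon, client):
    return any(("ALL" in daemons or daemon in daemons)
               and any(client_matches(p, *client) for p in clients)
               for daemons, clients in rules)

def decide(allow, deny, daemon, client):
    """Return the outcome and which step of the lookup produced it."""
    if any_rule_matches(parse(allow), daemon, client):
        return "granted (hosts.allow)"
    if any_rule_matches(parse(deny), daemon, client):
        return "denied (hosts.deny)"
    return "granted (default)"         # no entry matched in either file

# Constructed sample clients (documentation address ranges and names).
OUTSIDE = ("203.0.113.7", "shell.isp.example", True)
LAN_HOST = ("192.168.0.2", None, True)

if __name__ == "__main__":
    for deny in ("ALL: PARANOID", "ALL: ALL"):
        print(deny, "->", decide("ALL: LOCAL 198.168.1.*", deny, "in.telnetd", OUTSIDE))
    print(decide("ALL: LOCAL 192.168.", "ALL: ALL", "in.telnetd", LAN_HOST))
```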