On Wed, Dec 29, 1999 at 08:47:18PM -0500, Carl Fink wrote:

> ALL: LOCAL 198.168.1.*

You don't want the trailing '*' there - the . does wildcard matching by
itself. I suspect you will find that "198.168.1.*" tries to match a host
by that name. Also, don't you mean to have your local network be in
192.168?

> Since my laptop is 198.168.0.2, this *shouldn't even work*. (I
> originally typoed the IP address and just noticed it while typing this
> message!) However, since adding that line to hosts.allow, suddenly my
> box is open *from any host anywhere*. I've just confirmed this by
> telnetting to my ISP's host and playing: my ftp, telnet, and SMTP
> ports are all open.

I don't think it's the fault of that line, though - the default is to
grant access unless it's denied.

> The only uncommented line in hosts.deny is
> ALL: PARANOID
> Surely that should be blocking anything not on my local LAN. What's
> up?

No. It only does a consistency check on the connecting host. From
hosts_access(5):

    PARANOID
        Matches any host whose name does not match its address. When
        tcpd is built with -DPARANOID (default mode), it drops requests
        from such clients even before looking at the access control
        tables. Build without -DPARANOID when you want more control
        over such requests.

To deny everything from everywhere, say "ALL: ALL".

--
Mark Brown  mailto:broonie@tardis.ed.ac.uk  (Trying to avoid grumpiness)
            http://www.tardis.ed.ac.uk/~broonie/
EUFS        http://www.eusa.ed.ac.uk/societies/filmsoc/
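
The decision order discussed in this message, as an added example that is not part of the original post and is not tcpd's own code: a simplified Python model of how hosts.allow and hosts.deny are consulted, showing why the typoed rule plus "ALL: PARANOID" leaves the host open. The client records, the daemon name in.telnetd, and the corrected pattern "192.168.1." are constructed assumptions.

```python
# Simplified model of the hosts_access(5) decision order; not tcpd's own code.
from typing import NamedTuple

class Client(NamedTuple):
    name: str         # reverse-resolved hostname, "" when unknown
    addr: str         # dotted-quad address
    consistent: bool  # True when the name and the address agree

def parse(text):
    """Turn 'daemons: clients' lines into (daemon_list, client_list) pairs."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(":")
        if len(fields) >= 2:
            rules.append(tuple(f.replace(",", " ").split() for f in fields[:2]))
    return rules

def client_matches(pat, c):
    if pat == "ALL":
        return True
    if pat == "LOCAL":       # known hostname without a dot
        return bool(c.name) and "." not in c.name
    if pat == "PARANOID":    # name does not match address
        return not c.consistent
    if pat.startswith("."):  # domain suffix
        return c.name.endswith(pat)
    if pat.endswith("."):    # leading address fields
        return c.addr.startswith(pat)
    return pat in (c.name, c.addr)  # anything else, '*' included, is a literal here

def allowed(daemon, c, allow_text, deny_text):
    def hit(text):
        return any((daemon in ds or "ALL" in ds) and any(client_matches(p, c) for p in cs)
                   for ds, cs in parse(text))
    if hit(allow_text):
        return True
    if hit(deny_text):
        return False
    return True  # no match in either file: access is granted

# Constructed sample data (assumptions, not taken from a real system).
ALLOW_TYPO = "ALL: LOCAL 198.168.1.*"
ALLOW_FIXED = "ALL: LOCAL 192.168.1."
OUTSIDE = Client("shell.isp.example", "203.0.113.7", True)
LAN = Client("", "192.168.1.5", True)

if __name__ == "__main__":
    print(allowed("in.telnetd", OUTSIDE, ALLOW_TYPO, "ALL: PARANOID"))  # True: open
    print(allowed("in.telnetd", OUTSIDE, ALLOW_FIXED, "ALL: ALL"))      # False: blocked
    print(allowed("in.telnetd", LAN, ALLOW_FIXED, "ALL: ALL"))          # True: LAN still in
```

The model ignores the optional shell-command field and the -DPARANOID pre-check that tcpd performs before reading the tables.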