
Re: Possible hosts.allow problem



On Wed, 29 Dec 1999, aphro wrote:

> carlf >ALL: PARANOID
> carlf >
> carlf >Surely that should be blocking anything not on my local LAN.  What's
> carlf >up?
> 
> That line blocks ALL incoming connections (or at least tries) to daemons in
> /etc/inetd.conf from all hosts, no matter where they are. If what you are
> trying to do is ipmasq, that does not connect to any services on the Linux
> box; it only passes through the kernel's firewall rules.



$ man 5 hosts_access

       PARANOID
              Matches  any  host  whose  name  does not match its
              address.   When  tcpd  is  built  with   -DPARANOID
              (default mode), it drops requests from such clients
              even before looking at the access  control  tables.
              Build without -DPARANOID when you want more control
              over such requests.

This doesn't block *all* incoming connections, only those whose
hostname does not match its address.  ALL: ALL should be
used to block all hosts.

------------------------------------------------------
hypnos              <mailto:hypnos@m-net.arbornet.org>
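
The difference between the two client patterns discussed in this thread, as an added example (not part of the original message and not tcpd's own code). It is a simplified model of the name/address check quoted from hosts_access(5); the DNS tables, addresses and function names are constructed for illustration, and treating a client with no reverse record as "unknown" rather than PARANOID is an assumption of the model.

```python
# Constructed sample DNS data (documentation address ranges), not real hosts.
REVERSE = {  # address -> name (PTR record)
    "192.0.2.10": "mail.example.org",
    "198.51.100.7": "trusted.example.com",  # PTR claims a name it does not own
}
FORWARD = {  # name -> addresses (A records)
    "mail.example.org": ["192.0.2.10"],
    "trusted.example.com": ["203.0.113.5"],
}


def classify(addr, reverse=REVERSE, forward=FORWARD):
    """Return 'unknown', 'paranoid' or 'known' for a client address."""
    name = reverse.get(addr)
    if name is None:
        return "unknown"   # no name at all (assumption: not PARANOID)
    if addr not in forward.get(name, []):
        return "paranoid"  # name does not resolve back to the address
    return "known"


def rule_matches(client_pattern, addr):
    """Model only the two client wildcards discussed in this thread."""
    if client_pattern == "ALL":
        return True
    if client_pattern == "PARANOID":
        return classify(addr) == "paranoid"
    raise ValueError("pattern not modelled: " + client_pattern)


def matched_by(client_pattern, clients):
    """List the clients a rule 'ALL: <client_pattern>' would apply to."""
    return [a for a in clients if rule_matches(client_pattern, a)]


# Three off-LAN clients: consistent DNS, mismatched DNS, no reverse record.
CLIENTS = ["192.0.2.10", "198.51.100.7", "203.0.113.99"]

if __name__ == "__main__":
    for pattern in ("PARANOID", "ALL"):
        print("ALL: %-8s matches %s" % (pattern, matched_by(pattern, CLIENTS)))
```

Only the client whose name and address disagree is matched by PARANOID; the off-LAN host with consistent DNS is not, which is why the rule did not restrict access to the local LAN.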


