Re: Possible hosts.allow problem
On Wed, 29 Dec 1999, aphro wrote:
> carlf >ALL: PARANOID
> carlf >
> carlf >Surely that should be blocking anything not on my local LAN. What's
> carlf >up?
>
> that line blocks ALL incoming connections(or at least tries) to daemons in
> /etc/inetd.conf from all hosts, no matter where they are. if what you are
> trying to do is ipmasq that does not connect to any services on the linux
> box only passes through the kernel's firewall rules.
$ man 5 hosts_access
PARANOID
Matches any host whose name does not match its
address. When tcpd is built with -DPARANOID
(default mode), it drops requests from such clients
even before looking at the access control tables.
Build without -DPARANOID when you want more control
over such requests.
This doesn't block *all* incoming connections, only those whose
hostname name does not match its address. ALL: ALL should be
used to block all hosts.
------------------------------------------------------
hypnos <mailto:hypnos@m-net.arbornet.org>
Reply to: