On Sun, Apr 08, 2001 at 01:04:26PM -0700, Tyrin Price wrote: > * Robert Voigt <f1k@gmx.de> [08Apr01 19:07 +0200]: > > I put the line > > ALL: ALL > > in /etc/hosts.deny and tried to mount a directory on this machine from > > another one, just to see if it actually denies access to all other hosts. > > /etc/hosts.allow is empty. But I could still mount and access files. What's > > wrong here? > > These access control files only work for those services run from inetd this is not true, any service compiled with libwrap will also use hosts.{allow,deny} such packages include openssh, mountd, statd, portmap, and afpd. all of these use and respect /etc/hosts.{allow,deny} without being run from inetd > ... nfs uses portmap. I bet you don't have the portmapper wrapped. yes he does, portmap in debian uses tcpwrappers without being run from inetd (which is impossible for portmap). -- Ethan Benson http://www.alaska.net/~erbenson/
Attachment:
pgptK8Baj30O1.pgp
Description: PGP signature