
Re: hosts.allow




charles@lunarmedia.net wrote:
> 
> > man hosts.allow man hosts.deny
> >
> 
>         doesn't exist on my machine.

Get the sources and have the man pages (any metalab mirror, look for
tcp_wrappers-7.6* or so; or search on http://ftpsearch.lycos.com);
they're really pretty good.  Those and a little experimentation and
you'll be all set.
 
> >
> > If you want really really limited access to the machine.. set up the only
> > hosts allowed for network connection in hosts.allow and deny ALL:ALL in
> > /etc/hosts.deny.
> >
> > - Kara
> 
>         I understand that much of how it works, but say that I wanted to
>         allow pop3 to all, but still deny all other services to all.
>         I assume that hosts.allow statements are composed of :
>         service:hosts/network
>         thus ALL : 10.254.4. will allow anything on the 10.254.4.0/24
>         subnet access to all network services. I am looking for something
>         more granular that would be something like:
> 
>         POP3 : ALL
>         ALL : 192.168.100.
>         ALL : 10.254.9.

Yes, first thing you need to do is deny everyone to everything.  That's
done by putting "ALL:ALL" in hosts.deny.  Then you only have one file
for who's allowed to what (hosts.allow) to worry about.  Then the
hosts.allow takes the server name (i.e. in.pop3d) as passed to tcpd.
Here's an example from my hosts.allow:

imapd: 192.168.1., 127.

See, very easy.

>         so that I would be able to allow the world pop capabilities, yet
>         restrain access to all other network services to specific
>         networks.
> 
>         Any ideas?
>         Charles

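An added example, not part of the original message: a simplified Python model of the order in which tcpd consults hosts.allow and hosts.deny, applied to the policy asked about in the thread (POP3 open to all, everything else limited to two networks). The in.telnetd daemon name and all client addresses are constructed, and only ALL, exact matches and trailing-dot IPv4 prefixes are modelled.

```python
# Added example: simplified model of the hosts.allow / hosts.deny lookup.
# Supported subset: the ALL wildcard, exact matches, and IPv4 prefixes that
# end in "." (e.g. "192.168.100."). Not handled: hostnames, net/mask pairs,
# EXCEPT, LOCAL, IPv6 and the optional shell-command field.
import re

# Constructed policy. "in.pop3d" is the daemon name used in the reply; the
# real name is whatever process name is passed to tcpd on your system.
HOSTS_ALLOW = """
in.pop3d: ALL
ALL: 192.168.100., 10.254.9.
"""
HOSTS_DENY = """
ALL: ALL
"""

def parse(text):
    """Return a list of (daemon_patterns, client_patterns) per rule line."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue  # malformed line: no client list
        daemons, clients = (re.split(r"[\s,]+", f.strip()) for f in fields[:2])
        rules.append((daemons, clients))
    return rules

def client_matches(pattern, addr):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):          # address prefix; the dot is significant
        return addr.startswith(pattern)
    return pattern == addr

def matches(rules, daemon, addr):
    return any(
        any(d in ("ALL", daemon) for d in daemons)
        and any(client_matches(c, addr) for c in clients)
        for daemons, clients in rules)

def access(daemon, addr, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow match grants; else hosts.deny match denies; else grant."""
    if matches(parse(allow), daemon, addr):
        return "allow"
    return "deny" if matches(parse(deny), daemon, addr) else "allow"
```

Calling access("in.telnetd", "203.0.113.7", deny="") returns "allow": with no matching hosts.deny entry the default is to grant, which is why the ALL:ALL line in hosts.deny comes first.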