Re: hosts.allow does not resolve names
- From: jayjwa <jayjwa@xxxxxxxxxxxxxxxxxxx>
- Date: Wed, 26 Dec 2007 04:53:02 -0500
Bit Twister <BitTwister@xxxxxxxxxxxxxxxx> writes:
> I imagined it would work like man hosts.allow indicates
>
> The access control language implements the following patterns:
> · A string that begins with a ‘.´ character. A host name is
> matched if the last components of its name match the specified
> pattern. For example, the pattern ‘.tue.nl´ matches the host
> name ‘wzv.win.tue.nl´.
>
> then looking through man -s 5 hosts_access the example
>
> /etc/hosts.allow:
> ALL: LOCAL @some_netgroup
> ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
>
> would suggest it should work. :-D
> Feel free to look through the rest of the thread for more info.
Several things come to mind.

1) It depends on what is implementing tcpwrappers. Some programs link against libwrap, and this is what the manpages above talk about. Some programs emulate tcpwrappers, but just look at the hosts.* files and don't link libwrap.

2) RPC portmapper must use IP numbers, not hostnames. It says this in the portmap manpage here:

You have to use the daemon name portmap for the daemon name (even if the
binary has a different name). For the client names you can only use the
keyword ALL or IP addresses (NOT host or domain names).

3) You can still use tcpd with xinetd. Just turn off xinetd's libwrap, and use the right flags in the xinetd.conf file. server will be tcpd, and use NAMEINARGS, NOLIBWRAP.
--
[** America, the police state **]
Whoooose! What's that noise? Why, it's US citizen's
rights, going down the toilet with Bush flushing.
http://www.wired.com/politics/security/news/2007/08/wiretap
http://www.hermes-press.com/police_state.htm
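
The portmap restriction from point 2 above can be checked mechanically. This is an added example, not part of the original post: a small linter that reports hosts.allow rules naming the `portmap` daemon whose client list contains anything other than ALL or an IP pattern. The function names and the sample file are constructed for illustration, and treating dotted prefixes and net/mask forms as "IP addresses" is an assumption.

```python
import ipaddress
import re

# Constructed sample hosts.allow for this example (not from the thread).
SAMPLE = r"""# constructed example
sshd: .foobar.edu EXCEPT terminalserver.foobar.edu
portmap: 192.168.1. 10.0.0.0/255.255.255.0 [::1]
portmap: .foobar.edu, nfsclient.foobar.edu
portmap, sshd: ALL EXCEPT \
    badhost.foobar.edu
"""

def is_ip_pattern(tok):
    """ALL, a full address, a dotted prefix ('192.168.1.') or net/mask."""
    if tok == "ALL" or re.fullmatch(r"(\d{1,3}\.){1,3}", tok):
        return True
    net, _, mask = tok.partition("/")
    try:
        ipaddress.ip_address(net.strip("[]"))
        if mask and not mask.isdigit():
            ipaddress.ip_address(mask)  # dotted netmask form
        return True
    except ValueError:
        return False

def logical_lines(text):  # yields (first_line_no, rule), continuations joined
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        start = start or n
        if raw.endswith("\\"):
            buf += raw[:-1] + " "
            continue
        rule, buf = (buf + raw).strip(), ""
        if rule and not rule.startswith("#"):
            yield start, rule
        start = None

def portmap_name_rules(text):
    """Return [(line, [tokens])] for portmap rules with non-IP client tokens."""
    findings = []
    for lineno, rule in logical_lines(text):
        # Split on ':' outside [brackets] so IPv6 literals stay whole.
        fields = re.split(r":(?![^\[]*\])", rule)
        if len(fields) < 2 or "portmap" not in re.split(r"[\s,]+", fields[0].strip()):
            continue
        bad = [t for t in re.split(r"[\s,]+", fields[1].strip())
               if t and t != "EXCEPT" and not is_ip_pattern(t)]
        if bad:
            findings.append((lineno, bad))
    return findings
```

Only rules that list `portmap` explicitly are examined; hostname patterns on other daemons, such as the `sshd` line in the sample, are left alone.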