Re: [cobalt-users] tcp-wrapper
- Subject: Re: [cobalt-users] tcp-wrapper
- From: Josh Kuperman <josh@xxxxxxxxxxxxxxxxxx>
- Date: Thu May 2 07:06:02 2002
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
On Thu, May 02, 2002 at 11:46:57AM +0500, Atif Munir wrote:
> Hi,
> When I apply tcp wrapper on my server by writing
> ALL: ALL in /etc/hosts.deny
> My users become unable to pop the mail. I want to just block telnet by
> tcp-wrapper.
> My /etc/hosts.allow file is as under
> in.telnetd: 192.168.0.1
> in.qpopperd: 0.0.0.0/0.0.0.0
> Any help?
> Thanks in advance
I assume your users are scattered and your allowed telneters at the
local machine. All this is in the documentation for tcp-wrappers,
available more readily with a free installation of Linux.
In any case something like 'in.qpopperd:ALL:ALLOW' would be the
traditional way of allowing the daemon to be accessed. For example if
you were just serving 192.168.1.0/24 network and the qpopperd was the
only allowed inetd you could simply use something like this.
ALL:localhost:ALLOW
ALL:127.0.0.1:ALLOW
in.qpopperd:192.168.1.0/255.255.255.0:ALLOW
ALL:ALL:DENY
Unless your denial rules are elaborate it may be safer to just use the
hosts.allow and erase the denial rules. When I was rooted the last
time (long ago and far away) one of the first things the root-kit
kiddie did was to add about three pages of newlines to /etc/hosts.allow
to let themselves back in. If you have few and simple rules - a good
idea - it's nice to be able to see them within a 24 line telnet screen.
--
Josh Kuperman
josh@xxxxxxxxxxxxxxxxxx
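
An added example, not part of the original message: a small audit for a hosts.allow-style file that reports rules pushed out of view by blank-line padding, rules below a 24-line screen, and rules placed after a catch-all ALL:ALL entry. The function name, thresholds and sample address are assumptions made for illustration, and backslash-continued rules are not handled.

```python
"""Audit a hosts.allow-style file for rules a reviewer could overlook."""

# Constructed sample: three visible rules, 60 blank lines, then one more rule.
SAMPLE = (
    "ALL:localhost:ALLOW\n"
    "ALL:127.0.0.1:ALLOW\n"
    "in.qpopperd:192.168.1.0/255.255.255.0:ALLOW\n"
    + "\n" * 60
    + "ALL:203.0.113.7:ALLOW\n"  # constructed documentation address
)


def audit_hosts_allow(text, screen_lines=24, max_padding=3):
    """Return [(line_no, rule, [reasons])] for rules that are easy to miss."""
    findings, padding, catch_all = [], 0, None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            padding += 1  # blank and comment lines both push rules down
            continue
        reasons = []
        if padding > max_padding:
            reasons.append(f"follows {padding} blank/comment lines")
        if no > screen_lines:
            reasons.append(f"below line {screen_lines}")
        if catch_all is not None:
            # tcp-wrappers stops at the first matching rule in the file
            reasons.append(
                f"never evaluated: ALL:ALL on line {catch_all} matches first")
        padding = 0
        fields = [f.strip().upper() for f in line.split(":")]
        if catch_all is None and fields[:2] == ["ALL", "ALL"]:
            catch_all = no
        if reasons:
            findings.append((no, line, reasons))
    return findings


if __name__ == "__main__":
    for no, rule, reasons in audit_hosts_allow(SAMPLE):
        print(f"line {no}: {rule} ({'; '.join(reasons)})")
```

To check a live file, pass the contents of /etc/hosts.allow to audit_hosts_allow() in place of SAMPLE.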