summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorcwt <cwt@FreeBSD.org>2000-03-28 17:28:56 +0000
committercwt <cwt@FreeBSD.org>2000-03-28 17:28:56 +0000
commit25904dc02e3359fd8c7733243fc4b933e1bde754 (patch)
tree161bf3d70392442619fdb6f348a8a8a468e526e6
parent5510bc1924ab9d1571f72994542c550a67230159 (diff)
downloadFreeBSD-src-25904dc02e3359fd8c7733243fc4b933e1bde754.zip
FreeBSD-src-25904dc02e3359fd8c7733243fc4b933e1bde754.tar.gz
Clarify the disposition of hosts.deny and provide a logically
consistent portmap example rule. Reviewed by: obrien, markm Obtained-good-ideas from: obrien
-rw-r--r--etc/hosts.allow11
1 files changed, 5 insertions, 6 deletions
diff --git a/etc/hosts.allow b/etc/hosts.allow
index 2f99941..fbb20a7 100644
--- a/etc/hosts.allow
+++ b/etc/hosts.allow
@@ -2,8 +2,8 @@
# hosts.allow access control file for "tcp wrapped" applications.
# $FreeBSD$
#
-# NOTE: The hosts.deny file is no longer used.
-# Instead, put both 'allow' and 'deny' rules in the hosts.allow file.
+# NOTE: The hosts.deny file is deprecated.
+# Place both 'allow' and 'deny' rules in the hosts.allow file.
# See hosts_options(5) for the format of this file.
# hosts_access(5) no longer fully applies.
@@ -47,10 +47,9 @@ exim : ALL : allow
# Portmapper is used for all RPC services; protect your NFS!
# (IP addresses rather than hostnames *MUST* be used here)
-portmap : localhost : allow
-portmap : .nice.guy.example.com : allow
-portmap : .evil.cracker.example.com : deny
-portmap : ALL : allow
+portmap : 192.0.2.32/255.255.255.224 : allow
+portmap : 192.0.2.96/255.255.255.224 : allow
+portmap : ALL : deny
# Provide a small amount of protection for ftpd
ftpd : localhost : allow
OpenPOWER on IntegriCloud