author | cwt <cwt@FreeBSD.org> | 2000-03-28 17:28:56 +0000 |
---|---|---|
committer | cwt <cwt@FreeBSD.org> | 2000-03-28 17:28:56 +0000 |
commit | 25904dc02e3359fd8c7733243fc4b933e1bde754 (patch) | |
tree | 161bf3d70392442619fdb6f348a8a8a468e526e6 | |
parent | 5510bc1924ab9d1571f72994542c550a67230159 (diff) | |
Clarify the disposition of hosts.deny and provide a logically
consistent portmap example rule.
Reviewed by: obrien, markm
Obtained-good-ideas from: obrien
-rw-r--r-- | etc/hosts.allow | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/etc/hosts.allow b/etc/hosts.allow index 2f99941..fbb20a7 100644 --- a/etc/hosts.allow +++ b/etc/hosts.allow @@ -2,8 +2,8 @@ # hosts.allow access control file for "tcp wrapped" applications. # $FreeBSD$ # -# NOTE: The hosts.deny file is no longer used. -# Instead, put both 'allow' and 'deny' rules in the hosts.allow file. +# NOTE: The hosts.deny file is deprecated. +# Place both 'allow' and 'deny' rules in the hosts.allow file. # See hosts_options(5) for the format of this file. # hosts_access(5) no longer fully applies. @@ -47,10 +47,9 @@ exim : ALL : allow # Portmapper is used for all RPC services; protect your NFS! # (IP addresses rather than hostnames *MUST* be used here) -portmap : localhost : allow -portmap : .nice.guy.example.com : allow -portmap : .evil.cracker.example.com : deny -portmap : ALL : allow +portmap : 192.0.2.32/255.255.255.224 : allow +portmap : 192.0.2.96/255.255.255.224 : allow +portmap : ALL : deny # Provide a small amount of protection for ftpd ftpd : localhost : allow |
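Review bot: In the first hunk's NOTE comment, "deprecated" is weaker than the "no longer used" it replaces and leaves open whether an existing hosts.deny is still read. An administrator who still has deny rules in that file cannot tell from this wording whether they are enforced. Suggest saying explicitly whether hosts.deny is consulted, and keeping the instruction to place both 'allow' and 'deny' rules in hosts.allow.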
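Review bot: In the portmap hunk, the removed `portmap : localhost : allow` line has no address-based replacement, so with the new `portmap : ALL : deny` line loopback clients are refused unless they fall inside one of the two listed networks. If local RPC access is intended, add `portmap : 127.0.0.1 : allow` ahead of the deny line, which also respects the comment's requirement to use IP addresses rather than hostnames. It would also help to add a comment line saying that the 192.0.2.x networks are placeholders to be replaced with the site's own trusted ranges. The change from a final `ALL : allow` to `ALL : deny` is the right default for the stated goal of protecting NFS.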