author | dwmalone <dwmalone@FreeBSD.org> | 2001-08-18 14:22:52 +0000 |
---|---|---|
committer | dwmalone <dwmalone@FreeBSD.org> | 2001-08-18 14:22:52 +0000 |
commit | 4449dfd72779ccc7d13c9e1dcc146cff9e709a9d (patch) | |
tree | 41389ea5f9b532d7e6fa7fb15010101aab0a4e77 /etc/hosts.allow | |
parent | cfa5d0ff529c7c68582be2d05f344e470d61c5df (diff) | |
Clear up what the line "ALL : PARANOID : RFC931 20 : deny" means
to tcp wrappers. The description is a little long, but hopefully
accurate.
Diffstat (limited to 'etc/hosts.allow')
-rw-r--r-- | etc/hosts.allow | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/etc/hosts.allow b/etc/hosts.allow index ff95ee8..f4e1353 100644 --- a/etc/hosts.allow +++ b/etc/hosts.allow @@ -26,7 +26,12 @@ ALL : ALL : allow # need to do it, here's how #sshd : .evil.cracker.example.com : deny -# Provide some protection against clients using a forged source IP address +# Protect against simple DNS spoofing attacks by checking that the +# forward and reverse records for the remote host match. If a mismatch +# occurs, access is denied, and any positive ident response within +# 20 seconds is logged. No protection is afforded against DNS poisoning, +# IP spoofing or more complicated attacks. Hosts with no reverse DNS +# pass this rule. ALL : PARANOID : RFC931 20 : deny # Allow anything from localhost. Note that an IP address (not a host |
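Review bot: The last sentence of the new comment, "Hosts with no reverse DNS pass this rule", is ambiguous, because "pass" can be read either as "are granted access" or as "are not matched by this rule and continue to the rules that follow". Suggest stating the intended reading directly, for example "Hosts with no reverse DNS are not matched by this rule", so an administrator does not assume that such hosts have been vetted. The comment could also tie "within 20 seconds" to the `RFC931 20` option on the rule line, since that is the only place the number appears and the connection between the two is left for the reader to infer.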