From 99d2860f1bc451577d10458c9f6a85611d7d577c Mon Sep 17 00:00:00 2001
From: Chris Timmons <cwt@FreeBSD.org>
Date: Tue, 28 Mar 2000 17:28:56 +0000
Subject: [PATCH] Clarify the disposition of hosts.deny and provide a logically
 consistent portmap example rule. Reviewed by: obrien, markm
 Obtained-good-ideas from: obrien

---
 etc/hosts.allow | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/etc/hosts.allow b/etc/hosts.allow
index 2f99941f91c7..fbb20a7e2f51 100644
--- a/etc/hosts.allow
+++ b/etc/hosts.allow
@@ -2,8 +2,8 @@
 # hosts.allow access control file for "tcp wrapped" applications.
 # $FreeBSD$
 #
-# NOTE: The hosts.deny file is no longer used.
-#       Instead, put both 'allow' and 'deny' rules in the hosts.allow file.
+# NOTE: The hosts.deny file is deprecated.
+#       Place both 'allow' and 'deny' rules in the hosts.allow file.
 #	See hosts_options(5) for the format of this file.
 #	hosts_access(5) no longer fully applies.
 
@@ -47,10 +47,9 @@ exim : ALL : allow
 
 # Portmapper is used for all RPC services; protect your NFS!
 # (IP addresses rather than hostnames *MUST* be used here)
-portmap : localhost : allow
-portmap : .nice.guy.example.com : allow
-portmap : .evil.cracker.example.com : deny
-portmap : ALL : allow
+portmap : 192.0.2.32/255.255.255.224 : allow
+portmap : 192.0.2.96/255.255.255.224 : allow
+portmap : ALL : deny
 
 # Provide a small amount of protection for ftpd
 ftpd : localhost : allow