From c34ee5c602b7ff9567c9aa8c5c2ea7e4e1dd04e6 Mon Sep 17 00:00:00 2001
From: cwt
Date: Tue, 28 Mar 2000 17:28:56 +0000
Subject: [PATCH] Clarify the disposition of hosts.deny and provide a logically consistent portmap example rule.
Reviewed by: obrien, markm
Obtained-good-ideas from: obrien
---
 etc/hosts.allow | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/etc/hosts.allow b/etc/hosts.allow
index 2f99941f91c7..fbb20a7e2f51 100644
--- a/etc/hosts.allow
+++ b/etc/hosts.allow
@@ -2,8 +2,8 @@
 # hosts.allow access control file for "tcp wrapped" applications.
 # $FreeBSD$
 #
-# NOTE: The hosts.deny file is no longer used.
-# Instead, put both 'allow' and 'deny' rules in the hosts.allow file.
+# NOTE: The hosts.deny file is deprecated.
+# Place both 'allow' and 'deny' rules in the hosts.allow file.
 # See hosts_options(5) for the format of this file.
 # hosts_access(5) no longer fully applies.
@@ -47,10 +47,9 @@ exim : ALL : allow
 # Portmapper is used for all RPC services; protect your NFS!
 # (IP addresses rather than hostnames *MUST* be used here)
-portmap : localhost : allow
-portmap : .nice.guy.example.com : allow
-portmap : .evil.cracker.example.com : deny
-portmap : ALL : allow
+portmap : 192.0.2.32/255.255.255.224 : allow
+portmap : 192.0.2.96/255.255.255.224 : allow
+portmap : ALL : deny
 # Provide a small amount of protection for ftpd
 ftpd : localhost : allow
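Review bot: The rewritten portmap example removes the loopback entry together with the hostname rules, so under the new `portmap : ALL : deny` default no line admits local clients. Whether portmap consults the wrapper for requests arriving over loopback is not visible from this hunk, but if it does, local queries and locally registered RPC services would be refused; an explicit `portmap : 127.0.0.1 : allow` ahead of the deny would keep the example consistent with the comment requiring IP addresses. A short comment such as `# Replace the 192.0.2.x example networks with your own NFS client ranges` would also make clear that the two allow lines are placeholders. The rest of hosts.allow is outside the hunk, so any earlier catch-all rule that would match before these lines cannot be checked from here.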