6cbcd29274
Anyone with good ideas for this is welcome to contribute.
49 lines
1.5 KiB
Plaintext
49 lines
1.5 KiB
Plaintext
#
|
|
# hosts.allow access control file for "tcp wrapped" apps.
|
|
# $Id$
|
|
#
|
|
# NOTE: The hosts.deny file is not longer used. Instead, put both 'allow'
|
|
# and 'deny' rules in the hosts.allow file.
|
|
# see hosts_options(5) for the format of this file.
|
|
# hosts_access(5) no longer fully applies.
|
|
|
|
# This is an example! You will need to modify it for your specific
|
|
# requirements!
|
|
|
|
# Start by allowing everything (this prevents the rest of the file
|
|
# from working, so remove it when you need protection).
|
|
ALL : ALL : allow
|
|
|
|
# Wrapping sshd(8) is not normally a good idea, but if you
|
|
# need to do it, here's how
|
|
#sshd : .evil.hacker.org : deny
|
|
|
|
# Prevent those with no reverse DNS from connecting.
|
|
ALL : PARANOID : RFC931 20 : deny
|
|
|
|
# Allow anything from localhost
|
|
ALL : localhost : allow
|
|
|
|
# Sendmail can help protect you against spammers and relay-rapers
|
|
sendmail : localhost : allow
|
|
sendmail : .mydomain.com : allow
|
|
sendmail : .evil.spamnest.org : deny
|
|
sendmail : ALL : allow
|
|
|
|
# Provide a small amount of protection for ftpd
|
|
ftpd : .warez.d00d.org : deny
|
|
ftpd : ALL : allow
|
|
|
|
# You need to be clever with finger; do _not_ backfinger!! You can easily
|
|
# start a "finger war".
|
|
fingerd : ALL \
|
|
: spawn (echo Finger. | \
|
|
/usr/bin/mail -s "tcpd\: %u@%h[%a] fingered me!" root) & \
|
|
: deny
|
|
|
|
# The rest of the daemons are protected. Backfinger and log by email.
|
|
ALL : ALL \
|
|
: severity auth.info : spawn (/usr/bin/safe_finger -l @%h | \
|
|
/usr/bin/mail -s "tcpd\: %u@%h[%a] tried to use %d (denied)" root) & \
|
|
: twist /bin/echo "You are not welcome to use %d from %h."
|