On Sun, 24 Mar 2002 08:46:00 +0100, Sven Hoexter wrote:
>On Sat, Mar 23, 2002 at 01:09:37PM -0800, Jaye Inabnit ke6sls wrote:
>> My question now is this: do I need to make these hosts_allow entries into
>> each of my linux computers? I still find it very odd that all the other
>> computers were able to connect to my firewall/router as it was, and only my
>> Woody box was banned from connecting.
>IIRC it helps fixing your DNS problem. The real problem is that in
>/etc/hosts.deny is ALL:PARANOID set. This entry blocks all hosts that
>have an invalid or no PTR record.

My understanding has been that /etc/hosts.deny ALL:PARANOID is a good
thing (tm), in that visitors not invited in are kicked out. Which is
your objection in this case.

/etc/hosts.allow is tested first and if a match is found, then
hosts.deny is never tested. Thus, you can "allow" your whole LAN by:

    ALL : 192.168.0.     # <--note the trailing "."

or a piece of it:

    ALL : 192.168.0. EXCEPT 192.168.0.46    # or
    ALL : .foo.bar EXCEPT honker.foo.bar    # note leading "."

Won't these general allows eliminate the need to edit each host for
each addition/subtraction on your net?

If ALL : PARANOID is not used in hosts.deny, then any host not
specifically denied is allowed. That seems to me to be a bad thing (tm).
In the above example, everybody in the world except honker is let in.

If this is not germane to the thread, I apologize. If it is wrong, I
seek instruction.

--
gt
It is interesting to note that as one evil empire (generic) fell,
another Evil Empire (tm) began its nefarious rise. -- me
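
The lookup order discussed in this message, as an added example that is not part of the original post: a simplified Python model of the hosts_access(5) decision (hosts.allow first, then hosts.deny, otherwise grant) run against the rules quoted above. The `Client` fields, the sample hosts and addresses, and the treatment of PARANOID as "a name is present but does not resolve back to the address" are assumptions of this sketch; daemon lists other than ALL are not modelled.

```python
# Simplified model of the hosts_access(5) decision order (added example).
from dataclasses import dataclass

@dataclass
class Client:
    addr: str
    name: str        # reverse-DNS name, "" if there is none (assumed field)
    name_ok: bool    # True if the name resolves back to addr (assumed field)

def match_one(pat, c):
    if pat == "ALL":
        return True
    if pat == "PARANOID":            # name does not match address
        return bool(c.name) and not c.name_ok
    if pat.endswith("."):            # address prefix, e.g. 192.168.0.
        return c.addr.startswith(pat)
    if pat.startswith("."):          # domain suffix; only verified names count
        return c.name_ok and c.name.endswith(pat)
    return pat == c.addr or (c.name_ok and pat == c.name)

def match_list(tokens, c):
    # "list_1 EXCEPT list_2" matches list_1 unless it also matches list_2
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return match_list(tokens[:i], c) and not match_list(tokens[i + 1:], c)
    return any(match_one(t, c) for t in tokens)

def rule_matches(rule, c):
    # Daemon list is assumed to be ALL, as in every rule quoted above.
    daemons, clients = rule.split("#")[0].split(":", 1)
    return daemons.strip() == "ALL" and match_list(clients.split(), c)

def access(allow, deny, c):
    if any(rule_matches(r, c) for r in allow):
        return "allow"               # hosts.allow hit: hosts.deny is not consulted
    if any(rule_matches(r, c) for r in deny):
        return "deny"
    return "allow"                   # no match in either file

if __name__ == "__main__":
    allow = ["ALL : 192.168.0. EXCEPT 192.168.0.46"]
    deny = ["ALL : PARANOID"]
    hosts = [                        # constructed sample clients
        Client("192.168.0.10", "", False),              # LAN host, no PTR
        Client("192.168.0.46", "woody.foo.bar", False), # excepted, bad name
        Client("192.168.0.46", "woody.foo.bar", True),  # excepted, good name
    ]
    for h in hosts:
        print(h.addr, h.name or "-", h.name_ok, "->", access(allow, deny, h))
```
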