Re: hosts & hosts.allow (Was Unable to FTP oddity. . .)

Wed, 18 Mar 1998 13:24:30 -0500 


This is fundamentally a bad thing. What happens when I take MY DNS server,
and tell it that

10.100.2.23     IN      PTR     foobar.my.domain.com
[acknowledging that 10.x is an RFC1918 address, but SOME valid address].

Your "security" will confirm that "YES, 10.100.2.23 is part of
.domain.com" and allow me access. Is that what you wanted? I highly doubt
it.

I think you probably want to be using IP addresses in your hosts file, and
not domains.

On Wed, 18 Mar 1998, Gibson, Todd wrote:

>       (snip)
>       > And list individually the services you want to allow in
> /etc/hosts.allow:
> 
>       > ALL: 127.
>       > in.ftpd: .my.domain
>       > in.telnetd: .my.domain
>       > in.popd: .my.domain
> 
>       (snip)
>       What is the proper order for /etc/hosts?
>       192.168.1.1     machine.domain.com      machine
>       or
>       192.168.1.1     machine machine.domain.com
> 
>       Now assume that /etc/hosts.allow contains:  ALL: LOCAL
>       If I list the FQDN first in /etc/hosts, access is denied to all
> local services accessing via "machine" because
>       telnet machine
>       resolves to
>       telnet machine.domain.com
>       Which is not "local" according to the man page.
> 
>       However, this can easily be overcome by using the entries in
> /etc/hosts.allow that are shown
>       at the beginning of this message.  So which order is proper for
> /etc/hosts?
>       Thanks,
>       -TAG
> 
> 
> -- 
>   PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
> http://www.redhat.com/RedHat-FAQ /RedHat-Errata /RedHat-Tips /mailing-lists
>          To unsubscribe: mail [EMAIL PROTECTED] with 
>                        "unsubscribe" as the Subject.
> 

======================================================================
Derek J. Balling          | "Bill Gates is a monocle and a white 
[EMAIL PROTECTED]        |  fluffy cat from being a villian in the
http://www.megacity.org/  |  next Bond film."  - Dennis Miller
======================================================================


-- 
  PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
http://www.redhat.com/RedHat-FAQ /RedHat-Errata /RedHat-Tips /mailing-lists
         To unsubscribe: mail [EMAIL PROTECTED] with 
                       "unsubscribe" as the Subject.

Reply via email to