Has anything relating to those files changed between jessie and stretch
to affect cups being blocked?
Would a line in the allow file ALL: localhost:631 help or is the syntax
incorrect?
use sendmail with tcp wrappers but it does not seem to play,
> it looks like it was compiled with support, can anyone help ?
>
>
> Thanks,
> Jon
>
>
Anyone ?
Maybe I was not very clear, this is the default sendmail for Debian
installed via apt. The online docs claim
root@mail:/usr/share/doc# ldd /usr/sbin/sendmail |grep 'libwrap'
libwrap.so.0 => /lib/i386-linux-gnu/libwrap.so.0 (0xb7525000)
root@mail:/usr/share/doc# cat /etc/debian_version
8.2
I want to use sendmail with tcp wrappers but it does not seem to play,
it looks like it was compiled with
Hello Clive
Thanks for pointing me to to ipcalc,
I noticed smb.conf has a commented entry for 127.0.0.0/8
This would cover the whole local subnet:
HostMin: 127.0.0.1
HostMax: 127.255.255.254
Does it make sense to cover more than 127.0.0.1 and 127.0.1.1 in
/etc/hosts.allow ?
I don't kn
Thanks for clearing this up Juan and Shawn.
I noticed I could change smbd to run in inetd mode if I flip the switch
in /etc/default/samba, but I don't known how this would improve things,
eventually create new drawback in cifs performance ... so I'll keep it
as it is with additional smb.conf e
Hi Tuxoholic,
[...]
> With this smb.conf tweaking it works fine, but why could smbd/nmbd run past
> /etc/hosts.allow and /etc/hosts.deny without those lines in smb.conf?
Already answered by Juan Sierra Pons.
> To my limited CIDR understandig a /32 mask should restrict
ME localhost.localdomain localhost
> > 127.0.1.1 MYHOSTNAME
> > 192.168.2.10MYSERVER
> >
> > cat /etc/hosts.allow
> > #ALL: localhost 127.0.1.1 192.168.2.0/24
> > ALL: localhost 127.0.1.1 192.168.2.0/32
> >
> > /etc/hosts.deny
> >
10 MYSERVER
>
> cat /etc/hosts.allow
> #ALL: localhost 127.0.1.1 192.168.2.0/24
> ALL: localhost 127.0.1.1 192.168.2.0/32
>
> /etc/hosts.deny
> ALL: ALL
>
> With this ruleset in place nmbd broadcasts still pull through and cifs mounts
> are still possible, whereas ssh/rsh
/24
ALL: localhost 127.0.1.1 192.168.2.0/32
/etc/hosts.deny
ALL: ALL
With this ruleset in place nmbd broadcasts still pull through and cifs mounts
are still possible, whereas ssh/rsh access is no longer possible.
To get rid of nmbd/smbd access I have to tweak smb.conf additionally:
/etc/samba
Why not uncomment line 19 in /etc/hosts.deny? Then use /etc/hosts.allow
specifically to allow certain ips. The /etc/hosts.allow is checked first
and anything not found in it that's covered by /etc/hosts.deny is supposed
to be blocked. Even so, I'd be looking at the system with last
On Thursday 01 June 2006 11:59 pm, Chuck Payne wrote:
> Hi,
>
> I am being hit by some ips that I like to block. I like to know how can
> I use hosts.deny for the ALL statement
After all the comments, aka lines that look like this:
# This is a comment, after these put
ALL: EXCEPT LOCAL
--
Tele
Chuck Payne <[EMAIL PROTECTED]>:
>
> I am being hit by some ips that I like to block. I like to know how can
> I use hosts.deny for the ALL statement
Have you looked at the contents of hosts.deny? I find this in there:
# Example:ALL: some.host.name, .some.domain
--
Any techno
Chuck Payne wrote:
> Hi,
>
> I am being hit by some ips that I like to block. I like to know how can
> I use hosts.deny for the ALL statement
>
The hosts.deny file is only used by applications that have been compiled
to work with tcpwrappers. If you want a surefire way of blocking IPs,
then loo
Hi,
I am being hit by some ips that I like to block. I like to know how can
I use hosts.deny for the ALL statement
Thanks,
Payne
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
On Thu, 7 Nov 2002, Benedict Verheyen wrote:
> Hi,
>
> i have some problems setting up ssh connection (not the scope of this email though
>not yet :-) and i came across the /etc/hosts.allow & /etc/hosts.deny files.
>
> Now, i saw in some documents about ssh that they
On Thu, Nov 07, 2002 at 12:18:09PM +, Benedict Verheyen wrote:
> Now, i saw in some documents about ssh that they add "sshd: all" to the
> /etc/hosts.allow file. Am i correct that these 2 files are only used
> when you have inetd enabled and that they otherwise serve no purpose?
> So if i don't
Hi,
i have some problems setting up ssh connection (not the scope of this email though not
yet :-) and i came across the /etc/hosts.allow & /etc/hosts.deny files.
Now, i saw in some documents about ssh that they add "sshd: all" to the
/etc/hosts.allow file. Am i correct that the
On Tue, Apr 17, 2001 at 03:50:17PM -0500, Rich Puhek wrote:
> Will,
>
> A few questions, mostly to ask yourself, that may help you find what's
> going on.
>
> Why mess with bind on the internal machines? Why not just populate
> /etc/hosts and be done with it?
will that help win.* and mac.* machi
.lan.
(208..."?
--Rich
will trillich wrote:
>
> Apr 17 14:58:33 duo xinetd[325]: warning: /etc/hosts.deny, line 15: can't
> verify hostname: gethostbyname(kat.lan) failed
>
> aaugh!
>
> my wife's machine is windo~1 98 at 192.168.1.200; my machine is a
> mac
Apr 17 14:58:33 duo xinetd[325]: warning: /etc/hosts.deny, line 15: can't
verify hostname: gethostbyname(kat.lan) failed
aaugh!
my wife's machine is windo~1 98 at 192.168.1.200; my machine is a
mac os 8.1 at 192.168.1.100. i have no trouble connecting via ftp
(or ssh or http) but she
On Mon, 9 Apr 2001, Waldemar Brodkorb wrote:
> I think this is interesting for you, too:
> 6.1 - Known wrapper limitations
> ---
>
> Many UDP (and rpc/udp) daemons linger around for a while after they
> have serviced a request, just in case another request comes in. I
Hello Mario,
* Mario Vukelic wrote:
> On 08 Apr 2001 14:41:47 -0700, Tyrin Price wrote:
>
> > Here are some examples commented out :-)
> >
> > #:RPC: RPC based services
> > #mountd/1 dgram rpc/udp waitroot/usr/sbin/tcpd
> > /usr/sbin/rpc.mountd
> > #rstatd/1-3 dgram rpc/udp wait
On Sun, Apr 08, 2001 at 08:54:43PM +0200, Mario Vukelic wrote:
> On 08 Apr 2001 13:35:04 -0500, will trillich wrote:
>
> > # kill -HUP `pidof inetd`
> >
> > note spelling of INETD versus INITD (which i presume is a typo)
>
> Thanks for pidof. Someone should have told me that 3 yrs. ago. We
uhh.. "killall -HUP inetd" is much easier ;)
On Sun, Apr 08, 2001 at 01:35:04PM -0500, will trillich ([EMAIL PROTECTED])
wrote:
> On Sun, Apr 08, 2001 at 07:23:41PM +0200, Mario Vukelic wrote:
> > On 08 Apr 2001 19:10:42 +0200, Robert Voigt wrote:
> > > I forgot to mention that I did not forget t
On Mon, Apr 09, 2001 at 12:46:49AM +0200, Mario Vukelic wrote:
> On 08 Apr 2001 14:33:20 -0800, Ethan Benson wrote:
>
> > yes he does, portmap in debian uses tcpwrappers without being run from
> > inetd (which is impossible for portmap).
>
> Ethan Benson, you're my hero. I've been searching for
On 08 Apr 2001 14:33:20 -0800, Ethan Benson wrote:
> yes he does, portmap in debian uses tcpwrappers without being run from
> inetd (which is impossible for portmap).
Ethan Benson, you're my hero. I've been searching for this info for
hours now. All I need now is that you tell me that this ...
On Sun, Apr 08, 2001 at 01:04:26PM -0700, Tyrin Price wrote:
> * Robert Voigt <[EMAIL PROTECTED]> [08Apr01 19:07 +0200]:
> > I put the line
> > ALL: ALL
> > in /etc/hosts.deny and tried to mount a directory on this machine from
> > another one, just to see if
On 08 Apr 2001 14:41:47 -0700, Tyrin Price wrote:
> Here are some examples commented out :-)
>
> #:RPC: RPC based services
> #mountd/1 dgram rpc/udp waitroot/usr/sbin/tcpd
> /usr/sbin/rpc.mountd
> #rstatd/1-3 dgram rpc/udp waitroot/usr/sbin/tcpd
> /usr/sbin/rpc.rstatd
> #
* Mario Vukelic <[EMAIL PROTECTED]> [08Apr01 23:14 +0200]:
> Well, no. The RPC section was empty and I couldn't figure out what goes
> there. Even the new nfs howto is silent on this, although it talks a lot
> about hosts.access/deny. Frankly, I think it's stupid that debian's
> inetd.conf is nearl
On 08 Apr 2001 23:14:44 +0200, Mario Vukelic wrote:
Again replying to myself, sigh. It seems I have nowhere said that I
_can_ mount the exports.
--
I did not vote for the Austrian government
On 08 Apr 2001 14:02:52 -0700, Tyrin Price wrote:
> Do you have the RPC services enabled in your /etc/inetd.conf file? If
> so, it should be working. Make sure that the entries have no errors.
Well, no. The RPC section was empty and I couldn't figure out what goes
there. Even the new nfs howto
* Mario Vukelic <[EMAIL PROTECTED]> [08Apr01 22:35 +0200]:
> On the server I have running:
> portmap, rpc.statd, inetd, [nfsd], [lockd], [rpciod], rpc.mountd
> On the client there is running (when nfs dirs are mounted): portmap,
> rpc.statd, [lockd], [rpciod]
>
> But a tcpdchk on the server tells
On 08 Apr 2001 13:04:26 -0700, Tyrin Price wrote:
> These access control files only work for those services run from inetd
> ... nfs uses portmap. I bet you don't have the portmapper wrapped.
Tyrin, it seems your the one who can answer a question I posted earlier
today, for which there were no t
* Mario Vukelic <[EMAIL PROTECTED]> [08Apr01 21:49 +0200]:
> I see. But changes to (types s l o w l y) inetd.conf do require it,
> don't they?
Yes, changes to /etc/inetd.conf do not take effect until inetd is next
started, however, changes to /etc/hosts.allow and /etc/hosts
* Robert Voigt <[EMAIL PROTECTED]> [08Apr01 19:07 +0200]:
> I put the line
> ALL: ALL
> in /etc/hosts.deny and tried to mount a directory on this machine from
> another one, just to see if it actually denies access to all other hosts.
> /etc/hosts.allow is empty. But I
On 08 Apr 2001 12:42:36 -0700, Tyrin Price wrote:
> It doesn't matter, anyway, since you do not have to restart anything
> for changes to your access control files to take effect. They take
> effect immediately after a change is made.
I see. But changes to (types s l o w l y) inetd.conf do requi
* Mario Vukelic <[EMAIL PROTECTED]> [08Apr01 21:01 +0200]:
> Now it's getting lame inetd
It doesn't matter, anyway, since you do not have to restart anything
for changes to your access control files to take effect. They take
effect immediately after a change is made.
--
Regards,
-=[Ty]
On 08 Apr 2001 20:54:43 +0200, Mario Vukelic wrote:
> Yeah, and of course it's inet.d
Now it's getting lame inetd
--
I did not vote for the Austrian government
On 08 Apr 2001 13:35:04 -0500, will trillich wrote:
> # kill -HUP `pidof inetd`
>
> note spelling of INETD versus INITD (which i presume is a typo)
Thanks for pidof. Someone should have told me that 3 yrs. ago. Well, I
should've known ther must be a solution. Yeah, and of course it's inet.
On Sun, Apr 08, 2001 at 07:23:41PM +0200, Mario Vukelic wrote:
> On 08 Apr 2001 19:10:42 +0200, Robert Voigt wrote:
> > I forgot to mention that I did not forget to save the file and I rebooted
> > the
> > machine.
>
> After changes to these files you just need to do:
> ps aux|grep initd (-> get
On 08 Apr 2001 19:10:42 +0200, Robert Voigt wrote:
> I forgot to mention that I did not forget to save the file and I rebooted the
> machine.
After changes to these files you just need to do:
ps aux|grep initd (-> get the PID of initd)
kill -HUP PID-of-initd
No restart required
--
I did not v
On 08 Apr 2001 19:07:08 +0200, Robert Voigt wrote:
> I put the line
> ALL: ALL
> in /etc/hosts.deny and tried to mount a directory on this machine from
> another one, just to see if it actually denies access to all other hosts.
> /etc/hosts.allow is empty. But I could still m
On Sunday 08 April 2001 19:07, Robert Voigt wrote:
> I put the line
> ALL: ALL
> in /etc/hosts.deny and tried to mount a directory on this machine from
> another one, just to see if it actually denies access to all other hosts.
> /etc/hosts.allow is empty. But I could still mount a
I put the line
ALL: ALL
in /etc/hosts.deny and tried to mount a directory on this machine from
another one, just to see if it actually denies access to all other hosts.
/etc/hosts.allow is empty. But I could still mount and access files. What's
wrong here?
ut nothing happened. Apparently I don't have a
>> spawn command on my machine. I have a spawn_console and a
>> spawn_login, and neither have man pages.
>I believe "spawn" is part of the bash shell.
>It seems to work for me.
No, "spawn" is part of the syntax
On 12-Dec-1999 Mark Wagnon wrote:
> On 12/11/99 06:54PM, Pollywog wrote:
>>
>> Try something like this:
>>
>> ALL:ALL : spawn (echo Attempt from %h %a to %d at `date` | tee -a
>> /var/log/tcp.deny.log |mail [EMAIL PROTECTED])
>>
>
> I gave this a shot, but nothing happened. Apparently I don't
On 12/11/99 06:54PM, Pollywog wrote:
>
> Try something like this:
>
> ALL:ALL : spawn (echo Attempt from %h %a to %d at `date` | tee -a
> /var/log/tcp.deny.log |mail [EMAIL PROTECTED])
>
I gave this a shot, but nothing happened. Apparently I don't have a
spawn command on my machine. I have a sp
On 11-Dec-1999 David Karlin wrote:
> Hello,
> The manpage of HOSTS_ACCESS has a section called "BOOBY TRAPS" which
> describes how to automatically to do a finger on a machine which
> is denied network via /etc/hosts.deny, and mail its output to root.
>
> I'm att
Hello,
The manpage of HOSTS_ACCESS has a section called "BOOBY TRAPS" which
describes how to automatically to do a finger on a machine which
is denied network via /etc/hosts.deny, and mail its output to root.
I'm attmpting to set this up so that any telnet request from outside
m
49 matches
Mail list logo
