[NTLUG:Discuss] Killing Bad People
Bug Hunter
bughuntr at one.ctelcom.net
Wed Feb 6 16:44:03 CST 2002
OOPS! I did not read your comment closely enough before sending the
last message. Some scenarios:
1.2.3.4 in hosts.allow, hosts.deny : ALLOWED (hosts.allow checked first)
1.2.3.4 in hosts.deny, not in hosts.allow : DENIED
1.2.3.4 in hosts.allow, not in hosts.deny : ALLOWED
1.2.3.4 not in hosts.allow, not in hosts.deny : ALLOWED
1.2.3.4 not in hosts.allow, ALL:ALL in hosts.deny : DENIED
The search order is hard to read the way I wrote it.
bug
On Wed, 6 Feb 2002, m m wrote:
> >From: Bug Hunter <bughuntr at one.ctelcom.net>
> >
> > Well, we do run the latest version of sshd. And we put it on a
> >non-standard port, up there. You can then open sshd up in hosts.allow
> >
> >sshd: ALL
> >
> > so that it is accessible from anywhere.
> >
> > Note the order of the search for tcp_wrappers (and sshd) is
> >
> >hosts.allow, hosts.deny
> >
> > if the host is in hosts.allow, then allow. otherwise, check hosts.deny
> >and see if it is not allowed. If it is NOT REFUSED in hosts.deny, then
> >let the service work.
> This seems a little strange to me.
> What is the final result of each condition?
> Use IP 1.2.3.4 for example.
>
> a) 1.2.3.4 in hosts.allow, in hosts.deny
> b) 1.2.3.4 not in hosts.allow, in hosts.deny
> c) 1.2.3.4 in hosts.allow, not in hosts.deny
> d) 1.2.3.4 not in hosts.allow, not in hosts.deny
>
> according to Bug, a) not allowed, b) not allowed, c) allowed, d)?
>
> on d), I guess the result is deny, if this is the case
> it seems that hosts.deny is only useful to _deny_ hosts.allow.
>
>
>
> >
> >bug
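
Added example (not part of the original thread, and not tcp_wrappers' own code): a small model of the search order described above, run over the five 1.2.3.4 scenarios. The function names and the sample file contents are constructed for illustration, and only exact IPv4 addresses and the ALL wildcard are handled.

```python
# Simplified model of the tcp_wrappers decision order discussed above.
# Assumption: only exact IPv4 addresses and the ALL wildcard are handled;
# real tcp_wrappers also has netmasks, hostname patterns and EXCEPT.

def parse_rules(text):
    """Turn 'daemon_list : client_list' lines into (daemons, clients) pairs."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()    # drop comments and blanks
        if ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]  # ignore any option field
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def matches(rules, daemon, client):
    """True if any rule lists both the daemon and the client (or ALL)."""
    return any((daemon in d or "ALL" in d) and (client in c or "ALL" in c)
               for d, c in rules)

def decide(allow_text, deny_text, daemon, client):
    """A hosts.allow match wins, then a hosts.deny match, otherwise allow."""
    if matches(parse_rules(allow_text), daemon, client):
        return "ALLOWED"
    if matches(parse_rules(deny_text), daemon, client):
        return "DENIED"
    return "ALLOWED"

# Constructed file contents: (hosts.allow, hosts.deny) for each scenario.
SCENARIOS = [
    ("sshd: 1.2.3.4", "sshd: 1.2.3.4"),  # in both
    ("",              "sshd: 1.2.3.4"),  # only in hosts.deny
    ("sshd: 1.2.3.4", ""),               # only in hosts.allow
    ("",              ""),               # in neither
    ("",              "ALL: ALL"),       # catch-all deny
]

def run_scenarios(daemon="sshd", client="1.2.3.4"):
    return [decide(a, d, daemon, client) for a, d in SCENARIOS]

if __name__ == "__main__":
    for (a, d), result in zip(SCENARIOS, run_scenarios()):
        print(f"allow={a!r:18} deny={d!r:18} -> {result}")
```

With "sshd: ALL" in hosts.allow and "ALL: ALL" in hosts.deny, decide() allows sshd from any address and denies every other wrapped service, which is the default-deny arrangement the last scenario points toward.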