----- Original Message ----- From: Philip S Tellis philip.tellis@iname.com Subject: [ILUG-BOM] tcpd thread
Is anyone going to continue with the tcpd thread or is it over? I
think
that there is a lot more to be covered.
i was about to ask the same question! anyhow, Venema, the creator of tcpd, also developed a 'language' for specifying the access control rules which are specified in hosts.allow and hosts.deny. these provide a rudimentary sort of protection for your services. The normal strategy is to deny all connections, and explicitly allow only those you want to. for eg: your hosts.deny would read like ALL: ALL this means deny all services to requests from all addresses. remember that hosts.allow is checked first, then hosts.deny. The first rule that matches is applied. Now all you need to do is specify what you want to allow.
food for next mail : can tcpd work for UDP? what about tcpd + xinetd? what kinds of servers can tcpd not protect?
regards, kishor
_________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com