Re: allow and deny in fedora 7



On 10 Sep, 12:20, john toynbee <john.toyn...@xxxxxxxxx> wrote:
On Mon, 10 Sep 2007 01:55:41 -0700, Nico wrote:
On 8 Sep, 16:59, john toynbee <john.toyn...@xxxxxxxxx> wrote:
If I write in /etc/hosts.allow:

ALL: 127.

and in /etc/hosts.deny:

ALL: ALL

then does that work in Fedora 7, where xinetd is not installed by default?

John

And what exactly is your question? What does this work for, or not work
for?

Here: http://tldp.org/HOWTO/Security-HOWTO/network-security.html
it is written:
"For example, a normal dial-up user can prevent outsiders from connecting
to his machine, yet still have the ability to retrieve mail, and make
network connections to the Internet. To do this, you might add the
following to your /etc/hosts.allow:
ALL: 127.
And of course /etc/hosts.deny would contain:
ALL: ALL
which will prevent external connections to your machine, yet still allow
you from the inside to connect to servers on the Internet.
Keep in mind that tcp_wrappers only protects services executed from
inetd, and a select few others."

But in Fedora 7 by default there is neither inetd nor xinetd.
Then, is changing /etc/hosts.allow and /etc/hosts.deny always useful?
Moreover, in

ALL: 127.

is the full stop a misprint or not?

John

OK, what that *REALLY* means is "permit all services from IP addresses
127.0.0.0/8." This means that localhost, which is typically on
127.0.0.1, will be allowed to connect to and start inetd or xinetd
services which use the relevant software.

The relevant software is called "tcp_wrappers". xinetd is what
Fedora 7 uses to start services like rsync, and it has been used for many
different services. Xinetd follows these rules in these files. Other
software may, with the right libraries and functions compiled in, but
it's very hard for the authors of tcp_wrappers to guess what may use
these libraries, so they don't try.

Does this make sense? What are you trying to run that you might need
hosts.deny or xinetd?
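
The matching discussed in this thread, as an added example that is not part of any poster's message: a Python sketch of a subset of the hosts_access(5) rules (the ALL wildcard, exact addresses, and trailing-dot address prefixes such as `127.`), checked against hosts.allow first and hosts.deny second. The file contents are constructed from the rules quoted above and the function names are hypothetical; it models only what a tcp_wrappers-aware program would decide.

```python
"""Subset of hosts_access(5): ALL, exact addresses, trailing-dot prefixes."""

# Constructed sample files mirroring the rules quoted in the thread.
HOSTS_ALLOW = "ALL: 127.\n"
HOSTS_DENY = "ALL: ALL\n"


def parse_rules(text):
    """Return [(daemons, clients)] from 'daemon_list : client_list' lines."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if not line or ":" not in line:
            continue
        daemons, clients = line.split(":", 2)[:2]  # ignore optional command field
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules


def client_matches(pattern, addr):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):                      # "127." is an address prefix
        return addr.startswith(pattern)
    return pattern == addr                         # otherwise exact match only


def matches(rules, daemon, addr):
    return any(
        any(d in ("ALL", daemon) for d in daemons)
        and any(client_matches(c, addr) for c in clients)
        for daemons, clients in rules
    )


def decide(daemon, addr, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """hosts.allow wins, then hosts.deny; no match in either means allow."""
    if matches(parse_rules(allow_text), daemon, addr):
        return "allow"
    if matches(parse_rules(deny_text), daemon, addr):
        return "deny"
    return "allow"


if __name__ == "__main__":
    for addr in ("127.0.0.1", "127.255.0.3", "192.0.2.10"):
        print(addr, decide("rsync", addr))
```

Passing `allow_text="ALL: 127\n"` (no trailing dot) makes the loopback address fall through to the deny file, which is why the full stop in the HOWTO is significant.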
