This is a discussion on Re: hosts.allow does not resolve names within the Linux Networking forums, part of the Linux Forums category.

On Nov 26, 11:13 pm, Bit Twister <BitTwis...@mouse-potato.com> wrote:
> hosts.allow does not work with network names.
> Would some kind soul tell me why it does not work?

How would it know the host name? How do you imagine it works?

DS

On Tue, 27 Nov 2007 16:46:31 -0800 (PST), David Schwartz wrote:
> How would it know the host name?

It would look up the name in /etc/hosts :)

> How do you imagine it works?

I imagined it would work like man hosts.allow indicates

The access control language implements the following patterns:

· A string that begins with a ‘.´ character. A host name is
matched if the last components of its name match the specified
pattern. For example, the pattern ‘.tue.nl´ matches the host
name ‘wzv.win.tue.nl´.

then looking through man -s 5 hosts_access the example

/etc/hosts.allow:
    ALL: LOCAL @some_netgroup
    ALL: .foobar.edu EXCEPT terminalserver.foobar.edu

would suggest it should work. :-D

Feel free to look through the rest of the thread for more info.

Bit Twister <BitTwister@mouse-potato.com> writes:
> I imagined it would work like man hosts.allow indicates
>
> The access control language implements the following patterns:
>
> · A string that begins with a ‘.´ character. A host name is
> matched if the last components of its name match the specified
> pattern. For example, the pattern ‘.tue.nl´ matches the host
> name ‘wzv.win.tue.nl´.
>
> then looking through man -s 5 hosts_access the example
>
> /etc/hosts.allow:
> ALL: LOCAL @some_netgroup
> ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
>
>
> would suggest it should work. :-D
>
> Feel free to look through the rest of the thread for more info.

Several things come to mind.

1) It depends on what is implementing tcpwrappers. Some programs link against libwrap, and this is what the manpages above talk about. Some programs emulate tcpwrappers, but just look at the hosts.* files and don't link libwrap.

2) RPC portmapper must use IP numbers, not hostnames. It says this in the portmap manpage here:

You have to use the daemon name portmap for the daemon name (even if the binary has a different name). For the client names you can only use the keyword ALL or IP addresses (NOT host or domain names).

3) You can still use tcpd with xinetd. Just turn off xinetd's libwrap, and use the right flags in the xinetd.conf file. server will be tcpd, and use NAMEINARGS, NOLIBWRAP.

--
[** America, the police state **]
Whoooose! What's that noise? Why, it's US citizen's rights, going down the toilet with Bush flushing.
http://www.wired.com/politics/securi...007/08/wiretap
http://www.hermes-press.com/police_state.htm
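
The following is an added example, not code from any poster in this thread or from the tcp wrappers source. It is a simplified model of hosts_access(5) client matching that shows why a `.foobar.edu` pattern only matches when the client address reverse-resolves to a name, while address patterns match regardless. The `REVERSE` table, addresses and function names are constructed for illustration; netgroups, PARANOID and user@host patterns are left out.

```python
# Simplified model of hosts_access(5) client matching; not libwrap's code.
import ipaddress

# Constructed stand-in for the resolver (/etc/hosts or DNS PTR records).
REVERSE = {
    "192.168.1.10": "wzv.foobar.edu",
    "192.168.1.20": "terminalserver.foobar.edu",
    "192.168.1.30": "printer",  # unqualified name, as /etc/hosts often has
}

def client_name(addr):
    """The daemon only sees the peer address; the name comes from a reverse lookup."""
    return REVERSE.get(addr, "unknown")

def match_one(pattern, addr, name):
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":            # known host name without a dot
        return name != "unknown" and "." not in name
    if pattern == "UNKNOWN":          # reverse lookup failed
        return name == "unknown"
    if pattern.startswith("."):       # domain suffix, e.g. .foobar.edu
        return name != "unknown" and name.lower().endswith(pattern.lower())
    if pattern.endswith("."):         # address prefix, e.g. 192.168.1.
        return addr.startswith(pattern)
    if "/" in pattern:                # net/mask, e.g. 192.168.1.0/255.255.255.0
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(addr) in net
    return pattern.lower() == name.lower() or pattern == addr

def match_list(tokens, addr, name):
    """'a b EXCEPT c' matches if a or b matches and c does not."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return (match_list(tokens[:i], addr, name)
                and not match_list(tokens[i + 1:], addr, name))
    return any(match_one(t, addr, name) for t in tokens)

def allowed(client_list, addr):
    """client_list is the right-hand side of a hosts.allow rule."""
    return match_list(client_list.split(), addr, client_name(addr))

if __name__ == "__main__":
    rule = "LOCAL .foobar.edu EXCEPT terminalserver.foobar.edu"
    for ip in ("192.168.1.10", "192.168.1.20", "192.168.1.30", "192.168.1.40"):
        print(ip, client_name(ip), allowed(rule, ip))
```
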