Re: SNMP Requests

2008/4/24 Mayuresh Janorkar <rj_mayuresh@rediffmail.com>:
> But then now my question is why do we need /etc/host.allow

Firstly, this isn't really a question about Net-SNMP.
The /etc/hosts.{allow,deny} mechanism is a separate
standalone system. We just happen to make use of it.

When setting up any sort of security (not just network access),
there are two basic approaches. You can either say:

- I want to allow everything except these known problems
or
- I want to block everything except these known valid usage


/etc/hosts.deny is used for the first approach:
- I want to allow everything except these known dodgy systems

/etc/hosts.allow is used for the second approach:
- I want to block everything except these known trusted systems


> If same IP address is present in /etc/host.allow and in /etc/host.deny t=
hen
> what will happen and why??

This is covered in the hosts.allow(5) man page:

The access control software consults two files. The search stops at =
the
first match:

=B7 Access will be granted when a (daemon,client) pair match=
es an
entry in the /etc/hosts.allow file.

=B7 Otherwise, access will be denied when a (daemon,client) =
pair
matches an entry in the /etc/hosts.deny file.

=B7 Otherwise, access will be granted.

If you have the same entry in both files, access will be allowed.


> Why do we need two files for the same purpose?

Because they are not used for the same purpose.
They are used for complementary purposes.

Dave

-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference =

Don't miss this year's exciting event. There's still time to save $100. =

Use priority code J8TL2D2. =

http://ad.doubleclick.net/clk;198757....sun.com/java=
one
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/...net-snmp-users