| 1234567891011121314151617181920212223242526272829303132333435 |
- ##
- ## hosts.allow -- TCP Wrappers Host Access Control List
- ##
- # NOTE: The hosts.deny file is deprecated. Place both 'allow' and
- # 'deny' rules in the hosts.allow file. See hosts_options(5) for the
- # format of this file. hosts_access(5) no longer fully applies.
- # Start by allowing everything (this prevents the rest of the file
- # from working, so remove it when you need protection).
- # The rules here work on a "First match wins" basis.
- ALL : ALL : allow
- # OpenSSH sshd(8)
- #sshd : .evil.cracker.example.com : deny
- # Protect against simple DNS spoofing attacks by checking that the
- # forward and reverse records for the remote host match. If a mismatch
- # occurs, access is denied, and any positive ident response within 20
- # seconds is logged. No protection is afforded against DNS poisoning,
- # IP spoofing or more complicated attacks. Hosts with no reverse DNS
- # pass this rule.
- #ALL : PARANOID : RFC931 20 : deny
- # Allow anything from localhost. Note that an IP address (not a host
- # name) *MUST* be specified for portmap(8).
- #ALL : localhost 127.0.0.1 : allow
- #ALL : my.machine.example.com 192.168.0.1 : allow
- # The rest of the daemons are protected.
- ALL : ALL \
- : severity auth.info \
- : twist /bin/echo "You are not welcome to use %d from %h."
|
