64 lines
2.6 KiB
Plaintext
64 lines
2.6 KiB
Plaintext
|
# /etc/hosts.allow
|
||
|
# See 'man tcpd' and 'man 5 hosts_access' for a detailed description
|
||
|
# of /etc/hosts.allow and /etc/hosts.deny.
|
||
|
#
|
||
|
# short overview about daemons and servers that are built with
|
||
|
# tcp_wrappers support:
|
||
|
#
|
||
|
# package name | daemon path | token
|
||
|
# ----------------------------------------------------------------------------
|
||
|
# ssh, openssh | /usr/sbin/sshd | sshd, sshd-fwd-x11, sshd-fwd-<port>
|
||
|
# quota | /usr/sbin/rpc.rquotad | rquotad
|
||
|
# tftpd | /usr/sbin/in.tftpd | in.tftpd
|
||
|
# portmap | /sbin/portmap | portmap
|
||
|
# The portmapper does not verify against hostnames
|
||
|
# to prevent hangs. It only checks non-local addresses.
|
||
|
#
|
||
|
# (kernel nfs server)
|
||
|
# nfs-utils | /usr/sbin/rpc.mountd | mountd
|
||
|
# nfs-utils | /sbin/rpc.statd | statd
|
||
|
#
|
||
|
# (unfsd, userspace nfs server)
|
||
|
# nfs-server | /usr/sbin/rpc.mountd | rpc.mountd
|
||
|
# nfs-server | /usr/sbin/rpc.ugidd | rpc.ugidd
|
||
|
#
|
||
|
# (printing services)
|
||
|
# lprng | /usr/sbin/lpd | lpd
|
||
|
# cups | /usr/sbin/cupsd | cupsd
|
||
|
# The cupsd server daemon reports to the cups
|
||
|
# error logs, not to the syslog(3) facility.
|
||
|
#
|
||
|
# (Uniterrupted Power Supply Software)
|
||
|
# apcupsd | /sbin/apcupsd | apcupsd
|
||
|
# apcupsd | /sbin/apcnisd | apcnisd
|
||
|
#
|
||
|
# All of the other network servers such as samba, apache or X, have their own
|
||
|
# access control scheme that should be used instead.
|
||
|
#
|
||
|
# In addition to the services above, the services that are started on request
|
||
|
# by inetd or xinetd use tcpd to "wrap" the network connection. tcpd uses
|
||
|
# the last component of the server pathname as a token to match a service in
|
||
|
# /etc/hosts.{allow,deny}. See the file /etc/inetd.conf for the token names.
|
||
|
# The following examples work when uncommented:
|
||
|
#
|
||
|
#
|
||
|
# Example 1: Fire up a mail to the admin if a connection to the printer daemon
|
||
|
# has been made from host foo.bar.com, but simply deny all others:
|
||
|
# lpd : foo.bar.com : spawn /bin/echo "%h printer access" | \
|
||
|
# mail -s "tcp_wrappers on %H" root
|
||
|
#
|
||
|
#
|
||
|
# Example 2: grant access from local net, reject with message from elsewhere.
|
||
|
# in.telnetd : ALL EXCEPT LOCAL : ALLOW
|
||
|
# in.telnetd : ALL : \
|
||
|
# twist /bin/echo -e "\n\raccess from %h declined.\n\rGo away.";sleep 2
|
||
|
#
|
||
|
#
|
||
|
# Example 3: run a different instance of rsyncd if the connection comes
|
||
|
# from network 172.20.0.0/24, but regular for others:
|
||
|
# rsyncd : 172.20.0.0/255.255.255.0 : twist /usr/local/sbin/my_rsyncd-script
|
||
|
# rsyncd : ALL : ALLOW
|
||
|
#
|
||
|
|
||
|
|