On May 19, 2006, at 7:33 PM, David Kelly wrote:
On May 19, 2006, at 8:55 PM, jekillen wrote:
I am trying to deny ftp access to my web site from out side. I have
two nics on the server and access it from the inside network via one
and serve to the public on the other.
I tried to write a ru
jekillen wrote:
Hello all;
I am trying to deny ftp access to my web site from out side. I have two
nics on the server and access it from the inside network via one and
serve to the public on the other.
I tried to write a rule in hosts.allow to deny ftp connections to the
public ip address whic
On May 19, 2006, at 8:55 PM, jekillen wrote:
I am trying to deny ftp access to my web site from out side. I have
two nics on the server and access it from the inside network via
one and serve to the public on the other.
I tried to write a rule in hosts.allow to deny ftp connections to
the
>
> Jerry McAllister wrote:
> >> At Sun, 19 Mar 2006 it looks like Jerry McAllister composed:
> >>
> >>> One doesn't start anything from the rc.conf file - at least properly.
> >>> Those things get started from /usr/local/etc/rc.d.
> >>>
> >>> What goes in /etc/rc.conf are environmental variable s
Jerry McAllister wrote:
At Sun, 19 Mar 2006 it looks like Jerry McAllister composed:
One doesn't start anything from the rc.conf file - at least properly.
Those things get started from /usr/local/etc/rc.d.
What goes in /etc/rc.conf are environmental variable settings that
those rc.d scripts lo
>
> At Sun, 19 Mar 2006 it looks like Jerry McAllister composed:
>
> > One doesn't start anything from the rc.conf file - at least properly.
> > Those things get started from /usr/local/etc/rc.d.
> >
> > What goes in /etc/rc.conf are environmental variable settings that
> > those rc.d scripts lo
> Just out of curiosity, why can 'sshd' not be started from the
> '/etc/rc.conf' file?
Sure you can. Just add a line into /etc/rc.conf like this:
sshd_enable="YES"
sshd should be started automatically during next boot.
Regards,
Anthony M. Rasat
PT. Kalteng Pos Press
Palangkaraya
> I'm not sure this is correct. If you read sshd(8), you'll see in the
> FILES section that sshd will read /etc/hosts.allow and /etc/hosts.deny
> on its own (i.e. it's compiled/linked with libwrap). Looking at
> /usr/src/crypto/openssh/Makefile.in for the sshd target verifies this.
That and sshd
At Sun, 19 Mar 2006 it looks like Jerry McAllister composed:
> One doesn't start anything from the rc.conf file - at least properly.
> Those things get started from /usr/local/etc/rc.d.
>
> What goes in /etc/rc.conf are environmental variable settings that
> those rc.d scripts look at to determin
>
> Chris Maness wrote:
>
> > Daniel A. wrote:
> > > On 3/19/06, Chris Maness <[EMAIL PROTECTED]> wrote:
> > >> My denyhost script is doing it's job by adding:
> > >>
> > >> sshd: 62.149.232.105 : deny
> > >>
> > >> to the hosts.allow file, but I see that this host is still making
> > >> attempts
>
> --nextPart3654328.GjrC4HtVEj
> Content-Type: text/plain;
> charset="iso-8859-1"
> Content-Transfer-Encoding: quoted-printable
> Content-Disposition: inline
>
> Chris Maness wrote:
>
> > Daniel A. wrote:
> > > On 3/19/06, Chris Maness <[EMAIL PROTECTED]> wrote:
> > >> My denyhost script is
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Karol Kwiatkowski wrote:
> Gerard Seibert wrote:
>> Chris Maness wrote:
>>
>>> Also, sshd can't be started in rc.conf, it has to be started in
>>> inetd.conf. Make sure you do a /etc/rc.d/inetd restart after you
>>> make changes.
>> Just out of curi
Gerard Seibert wrote:
> Chris Maness wrote:
>
>> OK, I was able to get to work by just starting out with a blank
>> hosts.allow. Everything is allowed by default, so when denyhosts
>> adds a deny line to the file, it will deny access to that host.
>>
>> Also, sshd can't be started in rc.conf, it
On 3/19/06, Gerard Seibert <[EMAIL PROTECTED]> wrote:
> Chris Maness wrote:
>
> > Daniel A. wrote:
> > > On 3/19/06, Chris Maness <[EMAIL PROTECTED]> wrote:
> > >> My denyhost script is doing it's job by adding:
> > >>
> > >> sshd: 62.149.232.105 : deny
> > >>
> > >> to the hosts.allow file, but I
Chris Maness wrote:
> Daniel A. wrote:
> > On 3/19/06, Chris Maness <[EMAIL PROTECTED]> wrote:
> >> My denyhost script is doing it's job by adding:
> >>
> >> sshd: 62.149.232.105 : deny
> >>
> >> to the hosts.allow file, but I see that this host is still making
> >> attempts to get into my box. I
Daniel A. wrote:
On 3/19/06, Chris Maness <[EMAIL PROTECTED]> wrote:
My denyhost script is doing it's job by adding:
sshd: 62.149.232.105 : deny
to the hosts.allow file, but I see that this host is still making
attempts to get into my box. Is there a cron job or something that has
to re-re
Daniel A. wrote:
On 3/19/06, Chris Maness <[EMAIL PROTECTED]> wrote:
My denyhost script is doing it's job by adding:
sshd: 62.149.232.105 : deny
to the hosts.allow file, but I see that this host is still making
attempts to get into my box. Is there a cron job or something that has
to re-re
Kris Kennaway wrote:
On Sat, Mar 18, 2006 at 06:01:31PM -0800, Chris Maness wrote:
Kris Kennaway wrote:
On Sat, Mar 18, 2006 at 05:48:29PM -0800, Chris Maness wrote:
Sounds like something else is wrong with your hosts.allow then.
# Start by allowing
On Sat, Mar 18, 2006 at 06:01:31PM -0800, Chris Maness wrote:
> Kris Kennaway wrote:
> >On Sat, Mar 18, 2006 at 05:48:29PM -0800, Chris Maness wrote:
> >
> >
> >>>Sounds like something else is wrong with your hosts.allow then.
> >>>
> >
> >
> >># Start by allowing everything (this prevent
Kris Kennaway wrote:
On Sat, Mar 18, 2006 at 05:48:29PM -0800, Chris Maness wrote:
Sounds like something else is wrong with your hosts.allow then.
# Start by allowing everything (this prevents the rest of the file
# from working, so remove it when you need protection).
# The rul
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Chris Maness wrote:
>>
> I tried running sshd off of inetd instead of in daemon mode. It still
> didn't work.
>
> here is the file:
Notice anything strange about the top?
> # Start by allowing everything (this prevents the rest of the file
>
On Sat, Mar 18, 2006 at 05:48:29PM -0800, Chris Maness wrote:
> >Sounds like something else is wrong with your hosts.allow then.
> # Start by allowing everything (this prevents the rest of the file
> # from working, so remove it when you need protection).
> # The rules here work on a "First match
Kris Kennaway wrote:
On Sat, Mar 18, 2006 at 05:24:40PM -0800, Chris Maness wrote:
Kris Kennaway wrote:
On Sat, Mar 18, 2006 at 04:12:41PM -0800, Chris Maness wrote:
My denyhost script is doing it's job by adding:
sshd: 62.149.232.105 : deny
to the hosts.allow file, but I se
On Sat, Mar 18, 2006 at 05:24:40PM -0800, Chris Maness wrote:
> Kris Kennaway wrote:
> >On Sat, Mar 18, 2006 at 04:12:41PM -0800, Chris Maness wrote:
> >
> >>My denyhost script is doing it's job by adding:
> >>
> >>sshd: 62.149.232.105 : deny
> >>
> >>to the hosts.allow file, but I see that this
Kris Kennaway wrote:
On Sat, Mar 18, 2006 at 04:12:41PM -0800, Chris Maness wrote:
My denyhost script is doing it's job by adding:
sshd: 62.149.232.105 : deny
to the hosts.allow file, but I see that this host is still making
attempts to get into my box.
Where do you see this (i.e. l
Kris Kennaway wrote:
On Sat, Mar 18, 2006 at 04:12:41PM -0800, Chris Maness wrote:
My denyhost script is doing it's job by adding:
sshd: 62.149.232.105 : deny
to the hosts.allow file, but I see that this host is still making
attempts to get into my box.
Where do you see this (i.e. l
On Sat, Mar 18, 2006 at 04:12:41PM -0800, Chris Maness wrote:
> My denyhost script is doing it's job by adding:
>
> sshd: 62.149.232.105 : deny
>
> to the hosts.allow file, but I see that this host is still making
> attempts to get into my box.
Where do you see this (i.e. logged by what)? host
> BIND version 9.x (not sure on the exact version) and up supports ACLs.
>
> example named.conf
>
> acl china {
> 218.19.160.163; } ;
>
> options {
>blackhole {china;};
> };
thanks ... that looks like a solution...
>
> - jeff
>
--
___
freeb
On Wed, 23 Feb 2005 19:20:11 -0500 (EST), kalin mintchev <[EMAIL PROTECTED]>
wrote:
> >> Feb 23 17:21:05 bigdaddy named[85641]: client 218.19.160.163#64057:
> no such chances. the machine is not on my local network. on the network
> where this machine is there is no windows machines. and the 218.1
>> Feb 23 17:21:05 bigdaddy named[85641]: client 218.19.160.163#64057:
>> update 'bigdaddy.com/IN' denied
>>
>> so i put:
>>
>> ALL : 218.19.160.163 : deny
>>
>> in my hosts.allow but i still get that log piling up
>
> Named isn't built with tcpwrapper support; it would probably cause too
> muc
In the last episode (Feb 23), kalin mintchev said:
> i have some crap in my log like:
>
> Feb 23 16:56:45 bigdaddy named[85641]: client 218.19.160.163#63869: update
> 'bigdaddy.com/IN' denied
> Feb 23 16:56:46 bigdaddy named[85641]: client 218.19.160.163#62855: update
> 'bigdaddy.com/IN' denied
On Tue, Jan 11, 2005 at 02:31:47AM -0500, Bob Hall wrote:
> Three questions:
>
> How do I cause changes in the hosts.allow file to take effect without
> rebooting? Everything I've seen says to restart inetd, but I'm not using
> inetd.
I searched with different keywords and found the answer to thi
On Tue, Jan 11, 2005 at 02:37:23PM +0700, Olivier Nicole wrote:
> To my knowledge, the effects in /etc/hosts.allow are immediate as soon
> as you save the modified file.
>
> And I have been using it that way for many years.
>
> No need to killall -HUP inetd, no need to reboot.
>
> If after a cha
To my knowledge, the effects in /etc/hosts.allow are immediate as soon
as you save the modified file.
And I have been using it that way for many years.
No need to killall -HUP inetd, no need to reboot.
If after a change the service is still not available:
- you did not allow the right thing
-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Long Story wrote:
| Hello everyone,
|
|Because of the MASS failure tries to connect to my server using
| random passwords
|I decided to allow only my IP to access the server.
http://www.die.net/doc/linux/man/man5/hosts.allow.5.html
- --
Siddhart
On Tue, Dec 02, 2003 at 12:54:32AM -0500, Kerry B. Rogers wrote:
> I received an e-mail with the following header fragment:
>
> ===V=== cut here ===V
> Received: from priv-edtnes11-hme0.telusplanet.net (outbound03.telus.net
> [199.185.220.222])
> by tinkertoys.net (8.12.10/8.11.6) with ESMTP
> I received an e-mail with the following header fragment:
>
> ===V=== cut here ===V
> Received: from priv-edtnes11-hme0.telusplanet.net (outbound03.telus.net
> [199.185.220.222])
> by tinkertoys.net (8.12.10/8.11.6) with ESMTP id hANMNpKS021237;
> Sun, 23 Nov 2003 15:23:51 -0700 (MST)
> ==
On Thu, Jul 25, 2002 at 03:02:50PM +0200, Dave Raven wrote:
> Hello all,
> This seems to be a fairly simple questions, but has
> been bothering me for a while now.
> I want to specify whole IP classes instead of single ips
> in my hosts.allow config file.
>
> These are the met
38 matches
Mail list logo
