hosts.allow (159140) | hosts.allow (161710) |
---|---|
1# 2# hosts.allow access control file for "tcp wrapped" applications. | 1# 2# hosts.allow access control file for "tcp wrapped" applications. |
3# $FreeBSD: head/etc/hosts.allow 159140 2006-06-01 14:14:58Z csjp $ | 3# $FreeBSD: head/etc/hosts.allow 161710 2006-08-29 09:20:48Z ru $ |
4# 5# NOTE: The hosts.deny file is deprecated. 6# Place both 'allow' and 'deny' rules in the hosts.allow file. 7# See hosts_options(5) for the format of this file. 8# hosts_access(5) no longer fully applies. 9 10# _____ _ _ 11# | ____| __ __ __ _ _ __ ___ _ __ | | ___ | | --- 22 unchanged lines hidden (view full) --- 34# pass this rule. 35ALL : PARANOID : RFC931 20 : deny 36 37# Allow anything from localhost. Note that an IP address (not a host 38# name) *MUST* be specified for rpcbind(8). 39ALL : localhost 127.0.0.1 : allow 40# Comment out next line if you build libwrap without IPv6 support. 41ALL : [::1] : allow | 4# 5# NOTE: The hosts.deny file is deprecated. 6# Place both 'allow' and 'deny' rules in the hosts.allow file. 7# See hosts_options(5) for the format of this file. 8# hosts_access(5) no longer fully applies. 9 10# _____ _ _ 11# | ____| __ __ __ _ _ __ ___ _ __ | | ___ | | --- 22 unchanged lines hidden (view full) --- 34# pass this rule. 35ALL : PARANOID : RFC931 20 : deny 36 37# Allow anything from localhost. Note that an IP address (not a host 38# name) *MUST* be specified for rpcbind(8). 39ALL : localhost 127.0.0.1 : allow 40# Comment out next line if you build libwrap without IPv6 support. 41ALL : [::1] : allow |
42ALL : my.machine.example.com 192.0.2.35 : allow | 42#ALL : my.machine.example.com 192.0.2.35 : allow |
43 44# To use IPv6 addresses you must enclose them in []'s | 43 44# To use IPv6 addresses you must enclose them in []'s |
45ALL : [fe80::%fxp0]/10 : allow 46ALL : [fe80::]/10 : deny 47ALL : [2001:db8:2:1:2:3:4:3fe1] : deny 48ALL : [2001:db8:2:1::]/64 : allow | 45#ALL : [fe80::%fxp0]/10 : allow 46#ALL : [fe80::]/10 : deny 47#ALL : [2001:db8:2:1:2:3:4:3fe1] : deny 48#ALL : [2001:db8:2:1::]/64 : allow |
49 50# Sendmail can help protect you against spammers and relay-rapers 51sendmail : localhost : allow | 49 50# Sendmail can help protect you against spammers and relay-rapers 51sendmail : localhost : allow |
52sendmail : .nice.guy.example.com : allow 53sendmail : .evil.cracker.example.com : deny | 52#sendmail : .nice.guy.example.com : allow 53#sendmail : .evil.cracker.example.com : deny |
54sendmail : ALL : allow 55 56# Exim is an alternative to sendmail, available in the ports tree 57exim : localhost : allow | 54sendmail : ALL : allow 55 56# Exim is an alternative to sendmail, available in the ports tree 57exim : localhost : allow |
58exim : .nice.guy.example.com : allow 59exim : .evil.cracker.example.com : deny | 58#exim : .nice.guy.example.com : allow 59#exim : .evil.cracker.example.com : deny |
60exim : ALL : allow 61 62# Rpcbind is used for all RPC services; protect your NFS! 63# (IP addresses rather than hostnames *MUST* be used here) | 60exim : ALL : allow 61 62# Rpcbind is used for all RPC services; protect your NFS! 63# (IP addresses rather than hostnames *MUST* be used here) |
64rpcbind : 192.0.2.32/255.255.255.224 : allow 65rpcbind : 192.0.2.96/255.255.255.224 : allow | 64#rpcbind : 192.0.2.32/255.255.255.224 : allow 65#rpcbind : 192.0.2.96/255.255.255.224 : allow |
66rpcbind : ALL : deny 67 68# NIS master server. Only local nets should have access 69# (Since this is an RPC service, rpcbind needs to be considered) 70ypserv : localhost : allow | 66rpcbind : ALL : deny 67 68# NIS master server. Only local nets should have access 69# (Since this is an RPC service, rpcbind needs to be considered) 70ypserv : localhost : allow |
71ypserv : .unsafe.my.net.example.com : deny 72ypserv : .my.net.example.com : allow | 71#ypserv : .unsafe.my.net.example.com : deny 72#ypserv : .my.net.example.com : allow |
73ypserv : ALL : deny 74 75# Provide a small amount of protection for ftpd 76ftpd : localhost : allow | 73ypserv : ALL : deny 74 75# Provide a small amount of protection for ftpd 76ftpd : localhost : allow |
77ftpd : .nice.guy.example.com : allow 78ftpd : .evil.cracker.example.com : deny | 77#ftpd : .nice.guy.example.com : allow 78#ftpd : .evil.cracker.example.com : deny |
79ftpd : ALL : allow 80 81# You need to be clever with finger; do _not_ backfinger!! You can easily 82# start a "finger war". 83fingerd : ALL \ 84 : spawn (echo Finger. | \ 85 /usr/bin/mail -s "tcpd\: %u@%h[%a] fingered me!" root) & \ 86 : deny 87 88# The rest of the daemons are protected. 89ALL : ALL \ 90 : severity auth.info \ 91 : twist /bin/echo "You are not welcome to use %d from %h." | 79ftpd : ALL : allow 80 81# You need to be clever with finger; do _not_ backfinger!! You can easily 82# start a "finger war". 83fingerd : ALL \ 84 : spawn (echo Finger. | \ 85 /usr/bin/mail -s "tcpd\: %u@%h[%a] fingered me!" root) & \ 86 : deny 87 88# The rest of the daemons are protected. 89ALL : ALL \ 90 : severity auth.info \ 91 : twist /bin/echo "You are not welcome to use %d from %h." |