hosts.allow revision 45088
1# 2# hosts.allow access control file for "tcp wrapped" apps. 3# $Id$ 4# 5# NOTE: The hosts.deny file is not longer used. Instead, put both 'allow' 6# and 'deny' rules in the hosts.allow file. 7# see hosts_options(5) for the format of this file. 8# hosts_access(5) no longer fully applies. 9 10# This is an example! You will need to modify it for your specific 11# requirements! 12 13# Start by allowing everything (this prevents the rest of the file 14# from working, so remove it when you need protection). 15ALL : ALL : allow 16 17# Wrapping sshd(8) is not normally a good idea, but if you 18# need to do it, here's how 19#sshd : .evil.hacker.org : deny 20 21# Prevent those with no reverse DNS from connecting. 22ALL : PARANOID : RFC931 20 : deny 23 24# Allow anything from localhost 25ALL : localhost : allow 26 27# Sendmail can help protect you against spammers and relay-rapers 28sendmail : localhost : allow 29sendmail : .mydomain.com : allow 30sendmail : .evil.spamnest.org : deny 31sendmail : ALL : allow 32 33# Provide a small amount of protection for ftpd 34ftpd : .warez.d00d.org : deny 35ftpd : ALL : allow 36 37# You need to be clever with finger; do _not_ backfinger!! You can easily 38# start a "finger war". 39fingerd : ALL \ 40 : spawn (echo Finger. | \ 41 /usr/bin/mail -s "tcpd\: %u@%h[%a] fingered me!" root) & \ 42 : deny 43 44# The rest of the daemons are protected. Backfinger and log by email. 45ALL : ALL \ 46 : severity auth.info : spawn (/usr/bin/safe_finger -l @%h | \ 47 /usr/bin/mail -s "tcpd\: %u@%h[%a] tried to use %d (denied)" root) & \ 48 : twist /bin/echo "You are not welcome to use %d from %h." 49