From owner-freebsd-questions@FreeBSD.ORG Sun Mar 19 20:07:49 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D47A216A400 for ; Sun, 19 Mar 2006 20:07:49 +0000 (UTC) (envelope-from jerrymc@clunix.cl.msu.edu) Received: from clunix.cl.msu.edu (clunix.cl.msu.edu [35.9.2.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9D94343D60 for ; Sun, 19 Mar 2006 20:07:46 +0000 (GMT) (envelope-from jerrymc@clunix.cl.msu.edu) Received: from clunix.cl.msu.edu (localhost [127.0.0.1]) by clunix.cl.msu.edu (8.12.10+Sun/8.12.2) with ESMTP id k2JK7jiU018599; Sun, 19 Mar 2006 15:07:45 -0500 (EST) Received: (from jerrymc@localhost) by clunix.cl.msu.edu (8.12.10+Sun/8.12.2/Submit) id k2JK7jf9018598; Sun, 19 Mar 2006 15:07:45 -0500 (EST) From: Jerry McAllister Message-Id: <200603192007.k2JK7jf9018598@clunix.cl.msu.edu> To: gerard@seibercom.net Date: Sun, 19 Mar 2006 15:07:45 -0500 (EST) In-Reply-To: <200603191032.21530.gerard@seibercom.net> X-Mailer: ELM [version 2.5 PL7] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Cc: freebsd-questions@freebsd.org Subject: Re: hosts.allow ? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 19 Mar 2006 20:07:49 -0000 > > Chris Maness wrote: > > > Daniel A. wrote: > > > On 3/19/06, Chris Maness wrote: > > >> My denyhost script is doing it's job by adding: > > >> > > >> sshd: 62.149.232.105 : deny > > >> > > >> to the hosts.allow file, but I see that this host is still making > > >> attempts to get into my box. Is there a cron job or something > > >> that has to re-read the hosts.allow file before it the IP will be > > >> blocked? _______________________________________________ > > >> freebsd-questions@freebsd.org mailing list > > >> http://lists.freebsd.org/mailman/listinfo/freebsd-questions > > >> To unsubscribe, send any mail to > > >> "freebsd-questions-unsubscribe@freebsd.org" > > > > > > Offtopic, but > > > How did you set up denyhosts? Daemon? Cron? > > > > p.s. > > > > OK, I was able to get to work by just starting out with a blank > > hosts.allow. Everything is allowed by default, so when denyhosts > > adds a deny line to the file, it will deny access to that host. > > > > Also, sshd can't be started in rc.conf, it has to be started in > > inetd.conf. Make sure you do a /etc/rc.d/inetd restart after you > > make changes. > > Just out of curiosity, why can 'sshd' not be started from the=20 > '/etc/rc.conf' file? Hmmm. Do you want sshd or inetd listening on the port and being the first one to screen things? Anyway, inetd provides some front end checking and doesn't even start it if it isn't from an acceptable place. jerry > > =2D-=20 > Gerard Seibert > gerard@seibercom.net > > PGP: http://www.seibercom.net/sig/gerard.asc > > --nextPart3654328.GjrC4HtVEj > Content-Type: application/pgp-signature > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.2.1 (FreeBSD) > > iD8DBQBEHXmFchM2dIO+3uMRAhLqAJ4yUlAdv8F4iOR6XroOBGA1gfmx2wCghmaI > JA15rhv79wmvbeNUMHdZzXY= > =irtd > -----END PGP SIGNATURE----- > > --nextPart3654328.GjrC4HtVEj-- >