Date: Thu, 25 Oct 2001 01:19:38 -0400
From: Anthony Schneider
To: Purwa Riadi
Cc: David, freebsd-security@FreeBSD.ORG
Subject: Re: telnet limitation
Message-ID: <20011025011938.A1299@mail.slc.edu>
In-Reply-To: <00c601c15d13$8dd17200$ab5b96ca@padjajaran>; from purwa@progs4wealth.com on Thu, Oct 25, 2001 at 12:11:36PM +0700

I believe that the hosts.deny file is deprecated, and that rules should
now be specified in /etc/hosts.allow. This is a 3.3-RELEASE box we're
talking about, which I'm not too sure of, but you can specify IP
addresses which can access telnet on your host by specifying rules in
your /etc/hosts.allow file such as:

    ALL : 127.0.0.1 : allow
    telnetd : 202.159.35.125 : allow
    ALL : ALL : deny

What this effectively does is allow all connections from localhost to
localhost for any service, and deny everything for every host except
for 202.159.35.125 accessing telnetd.

-Anthony.

On Thu, Oct 25, 2001 at 12:11:36PM +0700, Purwa Riadi wrote:
>
> I tried to set hosts.deny and hosts.allow like below
>
> #more /etc/hosts.allow
> ALL: 127.0.0.1 localhost
> ALL: 202.159.35.125
> ALL: 202.159.35.126
>
> # more /etc/hosts.deny
> ALL: ALL
>
> But I can still telnet from all of the hosts in my network. The rules in
> both files didn't have any impact at all on my machine (3.3-RELEASE
> FreeBSD 3.3-RELEASE).
> What should I do now....?
>
> Also, if I wanna upgrade the server to 4.3-Release... Is it a safe way
> for my data and settings like the natd setting?
>
> Thx and regards
>
> Purwa R
>
> ----- Original Message -----
> From: "David"
> To: "Purwa Riadi"
> Sent: Wednesday, October 24, 2001 4:14 PM
> Subject: Re: telnet limitation
>
> > hi,
> >
> > try using tcp wrappers.. it is built into FreeBSD.
> > look at hosts.allow
> >
> > ----- Original Message -----
> > From: "Purwa Riadi"
> > To:
> > Sent: Wednesday, October 24, 2001 5:07 PM
> > Subject: telnet limitation
> >
> > > Dear FreeBSDer,
> > >
> > > If I wanna give rules in my server, so that just certain IPs can
> > > telnet to my server, what scripts should I change and configure?
> > > Can anyone explain to me?
> > >
> > > thx & regards
> > >
> > > Purwa
> > >
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > with "unsubscribe freebsd-security" in the body of the message
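
Added example, not part of the original thread: a small Python model of how the three-rule /etc/hosts.allow from the reply above is evaluated (first matching rule wins), showing why the closing "ALL : ALL : deny" line matters. The names parse and decide are hypothetical, the address 10.0.0.1 in the test is constructed, and the model covers only ALL, exact literals and trailing-dot address prefixes; returning "allow" when nothing matches models a host with no matching rule anywhere.

```python
# Added illustration: first-match evaluation of hosts.allow rules written as
#   daemons : clients [: allow|deny]
# Simplified model (assumption): IPv4/hostname literals only, no IPv6,
# no wildcards other than ALL, no netmasks, no shell options.
import re

RULES = """\
ALL : 127.0.0.1 : allow
telnetd : 202.159.35.125 : allow
ALL : ALL : deny
"""

def parse(text):
    """Turn rule text into a list of (daemons, clients, action) tuples."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2 or not fields[0] or not fields[1]:
            raise ValueError("malformed rule: %r" % raw)
        # A rule without a third field grants access in hosts.allow.
        action = fields[2].lower() if len(fields) > 2 and fields[2] else "allow"
        if action not in ("allow", "deny"):
            raise ValueError("unsupported option in this model: %r" % raw)
        rules.append((re.split(r"[,\s]+", fields[0]),
                      re.split(r"[,\s]+", fields[1]), action))
    return rules

def _matches(patterns, value):
    """ALL, an exact literal, or a trailing-dot prefix such as '202.159.35.'."""
    return any(p == "ALL" or p == value or
               (p.endswith(".") and value.startswith(p)) for p in patterns)

def decide(rules, daemon, client):
    """Return (action, rule_number); the first matching rule decides."""
    for number, (daemons, clients, action) in enumerate(rules, 1):
        if _matches(daemons, daemon) and _matches(clients, client):
            return action, number
    return "allow", None  # nothing matched: access falls through to granted

if __name__ == "__main__":
    for daemon, client in [("telnetd", "202.159.35.125"),
                           ("telnetd", "202.159.35.126"),
                           ("sshd", "127.0.0.1")]:
        print(daemon, client, decide(parse(RULES), daemon, client))
```

Because evaluation stops at the first match, the catch-all deny has to stay last; placed first, it would shadow both allow rules.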