Date:      Wed, 24 Jul 2002 09:22:34 +0100
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        David Merriman <merriman@1s.net>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: FBSD config files - tutorials, how-to, other pointers? Where?
Message-ID:  <20020724082234.GD88546@happy-idiot-talk.infracaninophi>
In-Reply-To: <000001c232da$fb119cd0$0190a8c0@alpha>
References:  <000001c232da$fb119cd0$0190a8c0@alpha>

On Wed, Jul 24, 2002 at 01:25:51AM -0500, David Merriman wrote:
> Are there any kind of reference docs to the various configuration files
> in FreeBSD? I mean, stuff that explains what the different lines &
> entries in them are, preferably with examples?

There are man pages that describe most of the important configuration
files available in section 5 of the manual.  Usually they are
reasonably clear and informative and most will contain examples.
However, there is no guarantee that all manual pages are written to
the same standard.

As well as man pages, it's quite common for there to be 'info' pages
in /usr/share/info and other documentation under /usr/share/doc ---
for stuff installed from ports that usually /usr/local/share/info,
/usr/local/share/doc respectively.  Many packages come from third
parties, and those often have their own web sites or other resources
around the net.

> As a for-instance, I'm looking at the hosts.allow file, and the man page
> doesn't do much to clarify what the different sections are for, or what
> the line entries mean.

That's a specific problem with the tcp wrappers documentation that you
are experiencing.  

There aren't "sections" as such in hosts.allow -- the file is
essentially a list of rules which are checked in order.  The first
matched rule applies, so if you put

    ALL : ALL : allow

at the top of the file nothing below that line will be used.  i.e. you
should order your rule set from the most specific to the most general.
(This is precisely what the example hosts.allow file does).

Each of the rule lines is divided into three or four parts divided by
colons.  The first part is the name of the server being wrapped --
only stuff that has been linked against the tcp wrappers library can
be wrapped.  `ALL' can be used as a wildcard.

The second section is a list of domain names or network numbers that
are matched against the source of a connection to the service.
Similarly 'ALL' can be used as a match anything wildcard.

The optional third section allows you to apply supplementary
conditions --- e.g. RFC931 to do ident lookups --- or to perform some
extra actions, like logging the connection at a different priority or
spawning an arbitrary command.

The sample hosts.allow file has been arranged with related rules
gathered into groups for illustrative purposes and with examples of
many of the sort of gotchas! you can run into.

The last section contains one of "allow", "deny" or "twist ..." --
where "allow" means let the connection proceed as normal, "deny" means
drop the packets and "twist ..." lets you substitute another command
to handle the connection attempt.  "twist" is a bit like "spawn", but
"twist" applies in the last section of the rule and handles the remote
input, whereas "spawn" goes in the optional third section and operates
independently of the remote connection.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
Tel: +44 1628 476614                                  Marlow
Fax: +44 0870 0522645                                 Bucks., SL7 1TH UK

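The first-match ordering described in the reply above is easy to get wrong, so here is an added example (not part of the original post, and not the tcp wrappers code itself) that parses a hosts.allow-style file into "daemon : client [: options ...] : action" rules, evaluates a connection against them top to bottom, and flags rules that can never be reached because an `ALL : ALL` line precedes them. The pattern matcher is a deliberate simplification of libwrap: it handles `ALL`, a leading-dot domain suffix, a trailing-dot network prefix and exact names only, and the two sample files are constructed for the demonstration.

```python
"""First-match evaluator for hosts.allow-style rules (added example, not from the post).

Models the rule shape described in the reply: "daemon : client [: options ...] : action",
scanned top to bottom, first match wins.  The matcher below is a simplification of
libwrap (no LOCAL/KNOWN/EXCEPT, no PARANOID, no netmask forms).
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Rule:
    daemons: List[str]
    clients: List[str]
    options: List[str]   # everything between the client list and the final action
    action: str          # "allow", "deny" or "twist <command>"
    lineno: int


ACTIONS = ("allow", "deny", "twist")


def parse_rules(text: str) -> List[Rule]:
    """Parse hosts.allow-style text; '#' starts a comment, blank lines are skipped."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 3:
            raise ValueError(f"line {lineno}: expected at least 'daemon : client : action'")
        action = fields[-1]
        if not action or action.split()[0] not in ACTIONS:
            raise ValueError(f"line {lineno}: unknown action {action!r}")
        rules.append(Rule(fields[0].split(), fields[1].split(), fields[2:-1], action, lineno))
    return rules


def client_matches(pattern: str, host: str, addr: str) -> bool:
    """Simplified client match: ALL, '.domain' suffix, 'net.' prefix, or exact name/address."""
    if pattern == "ALL":
        return True
    if pattern.startswith("."):          # domain suffix, e.g. ".example.com"
        return host.endswith(pattern)
    if pattern.endswith("."):            # network prefix, e.g. "192.168.1."
        return addr.startswith(pattern)
    return pattern in (host, addr)


def evaluate(rules: List[Rule], daemon: str, host: str, addr: str) -> Optional[Rule]:
    """Return the first rule whose daemon and client lists both match, or None."""
    for rule in rules:
        if any(d in ("ALL", daemon) for d in rule.daemons) and \
           any(client_matches(c, host, addr) for c in rule.clients):
            return rule
    return None


def shadowed_lines(rules: List[Rule]) -> List[int]:
    """Line numbers of rules that can never match because an 'ALL : ALL' rule precedes them."""
    for i, rule in enumerate(rules):
        if rule.daemons == ["ALL"] and rule.clients == ["ALL"]:
            return [r.lineno for r in rules[i + 1:]]
    return []


# Constructed sample files.  GOOD is ordered most-specific first; BAD puts the catch-all on top.
GOOD = """\
# specific rules first
sshd : 192.168.1. .trusted.example : allow
sshd : ALL : spawn /usr/bin/logger -p auth.info refused %d from %c : deny
ALL : ALL : allow
"""

BAD = """\
ALL : ALL : allow        # catch-all first: every rule below is unreachable
sshd : 192.168.1. : allow
sshd : ALL : deny
"""


if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        rules = parse_rules(text)
        hit = evaluate(rules, "sshd", "box.untrusted.example", "10.0.0.7")
        print(f"{name}: sshd from 10.0.0.7 -> {hit.action!r} (line {hit.lineno}); "
              f"shadowed rules: {shadowed_lines(rules) or 'none'}")
```

Running it shows the point of the reply: the same sshd connection from 10.0.0.7 is denied by the GOOD file (line 3, with the logger spawn recorded in the options field) but allowed by the BAD file, whose lines 2 and 3 are reported as shadowed by the catch-all on line 1.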