[CLUE-Tech] daemon question
dan radom
dan at radom.org
Wed Dec 10 21:49:57 MST 2003
* Jed S. Baer (thag at frii.com) wrote:
> On Wed, 10 Dec 2003 19:40:08 -0700
> Charles Oriez <coriez at oriez.org> wrote:
>
> > I'm about to start playing with the hosts.deny file on one of my servers
> > to block access for domains known to be spidering my site looking for
> > email addresses.
> >
> > once I add things to hosts.deny, do I need to bounce the daemons to have
> > the changes take effect, or not?
>
> I don't know, but I'll add another question. What is the scope of the
> hosts.allow/deny files? I recall reading about these quite a while ago,
> and concluding that they controlled only some TCP/IP traffic. Perhaps only
> those services using inetd? At any rate, I can state that they did not
> deny probing on my samba server, which I was starting out of rc.d, not
> inetd. I know this because I had put a host restriction in my smb.conf
> file, and my samba logs were full of "access denied" listings for lots of
> IP addresses. Ratcheting up my firewall stopped that.
>
> jed
> --
see man 5 hosts_access. hosts_access(5) only works with apps that have
libwrap support, or that are ran with tcpd. iptables is the way to go on
this.
More information about the clue-tech
mailing list