hosts.allow ?
Jerry McAllister
jerrymc at clunix.cl.msu.edu
Sun Mar 19 20:07:49 UTC 2006
>
> Chris Maness wrote:
>
> > Daniel A. wrote:
> > > On 3/19/06, Chris Maness <chris at chrismaness.com> wrote:
> > >> My denyhost script is doing it's job by adding:
> > >>
> > >> sshd: 62.149.232.105 : deny
> > >>
> > >> to the hosts.allow file, but I see that this host is still making
> > >> attempts to get into my box. Is there a cron job or something
> > >> that has to re-read the hosts.allow file before it the IP will be
> > >> blocked? _______________________________________________
> > >> freebsd-questions at freebsd.org mailing list
> > >> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > >> To unsubscribe, send any mail to
> > >> "freebsd-questions-unsubscribe at freebsd.org"
> > >
> > > Offtopic, but
> > > How did you set up denyhosts? Daemon? Cron?
> >
> > p.s.
> >
> > OK, I was able to get to work by just starting out with a blank
> > hosts.allow. Everything is allowed by default, so when denyhosts
> > adds a deny line to the file, it will deny access to that host.
> >
> > Also, sshd can't be started in rc.conf, it has to be started in
> > inetd.conf. Make sure you do a /etc/rc.d/inetd restart after you
> > make changes.
>
> Just out of curiosity, why can 'sshd' not be started from the=20
> '/etc/rc.conf' file?
Hmmm. Do you want sshd or inetd listening on the port and being the
first one to screen things?
Anyway, inetd provides some front end checking and doesn't even start
it if it isn't from an acceptable place.
jerry
>
> =2D-=20
> Gerard Seibert
> gerard at seibercom.net
>
> PGP: http://www.seibercom.net/sig/gerard.asc
>
> --nextPart3654328.GjrC4HtVEj
> Content-Type: application/pgp-signature
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2.1 (FreeBSD)
>
> iD8DBQBEHXmFchM2dIO+3uMRAhLqAJ4yUlAdv8F4iOR6XroOBGA1gfmx2wCghmaI
> JA15rhv79wmvbeNUMHdZzXY=
> =irtd
> -----END PGP SIGNATURE-----
>
> --nextPart3654328.GjrC4HtVEj--
>
More information about the freebsd-questions
mailing list