Warren Togami wrote:
> Steve Dickson wrote:
>> It's been pointed out that if there are no rules in either
>> /etc/hosts.deny or /etc/hosts.allow there is no need to do any
>> validity checking on the incoming address.
>>
>> Unfortunately there is no interface that will easily
>> let me know if there are any rules so I simply read
>> in both files looking for non-commented lines.
>>
>> steved.
>
> This means if somebody adds a tcp wrapper rule for something other than
> mountd, it still affects the behavior of mountd? How does that make any
> sense?

Good point...

>
> Why do you not see that "deny on reverse DNS failure" is not mutually
> exclusive with "enable TCP wrappers"? This is based upon a
> MISINTERPRETATION of how tcp wrappers should behave. You are hard
> coding policy into nfs-utils.

Please tell me how I check a 'mountd: <hostname>' entry in the /etc/hosts.deny with only an IP address without doing a reverse name lookup?

>
> All you need to do is make "deny on reverse DNS failure" disabled by
> default, and let the admin choose to enable it. This would be simpler
> than your above imperfect hack as well as more correct.

This feels like a bit of a hack as well...

steved.
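The two checks discussed in this thread, as an added example that is not part of the message and is not nfs-utils code: counting any non-commented line in a hosts_access file versus counting only lines whose daemon list names `mountd` or `ALL`. The function names and the sample file are constructed for illustration, and the parser is simplified (no backslash continuations, and `EXCEPT` is not interpreted, so `ALL EXCEPT mountd` still counts as a match).

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed sample: the only active rules are for daemons other than mountd. */
static const char SAMPLE_DENY[] =
    "# constructed sample hosts.deny\n"
    "\n"
    "sshd: .example.com\n"
    "  # indented comment\n"
    "in.ftpd, vsftpd : ALL\n";

/* 1 if the line is neither blank nor a comment. */
static int is_rule(const char *line, size_t n) {
    size_t i = 0;
    while (i < n && isspace((unsigned char)line[i])) i++;
    return i < n && line[i] != '#';
}

/* 1 if the daemon list (text before the first ':') names `daemon` or ALL. */
static int names_daemon(const char *line, size_t n, const char *daemon) {
    const char *colon = memchr(line, ':', n);
    size_t end = colon ? (size_t)(colon - line) : n, dlen = strlen(daemon), i = 0;
    while (i < end) {
        while (i < end && (isspace((unsigned char)line[i]) || line[i] == ',')) i++;
        size_t start = i;
        while (i < end && !isspace((unsigned char)line[i]) && line[i] != ',') i++;
        size_t len = i - start;
        if ((len == dlen && strncasecmp(line + start, daemon, len) == 0) ||
            (len == 3 && strncasecmp(line + start, "ALL", 3) == 0))
            return 1;
    }
    return 0;
}

/* Count active rules; daemon == NULL counts every rule, as a file-wide scan does. */
int count_rules(const char *text, const char *daemon) {
    int count = 0;
    while (*text) {
        size_t n = strcspn(text, "\n");
        if (is_rule(text, n) && (daemon == NULL || names_daemon(text, n, daemon)))
            count++;
        text += n + (text[n] == '\n');
    }
    return count;
}

int main(void) {
    printf("any rule: %d, mountd rule: %d\n",
           count_rules(SAMPLE_DENY, NULL), count_rules(SAMPLE_DENY, "mountd"));
    return 0;
}
```

On the sample file the file-wide count is non-zero while the mountd-specific count is zero, which is the case raised in the quoted objection.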