On Wednesday 08 September 2004 13:06, Jerry Winegarden wrote: > On Sat, 4 Sep 2004, Mike Burger wrote: > > On Sat, 4 Sep 2004, Volker Kindermann wrote: > > > Hi, > > > > > > > I'm willing to open up my box to a subnet xxx.xxx.xxx.0 but so far > > > > the range of ip addresses he is getting is so large, it will defeat > > > > the purpose to blocking ssh because I would have to open up to so > > > > many ranges. Is there any solution? > > <snip> > > > Hmm...alternately, he could use TCPWrappers. In /etc/hosts.deny, add: > > > > "sshd: ALL" > > > > And in /etc/hosts.allow, add: > > sshd: remotesysname.dyndns.org I don't think that would work. If I understand thing correctly, if you have domain name in /etc/hosts.allow, tcpwrappers will do a reverse lookup to see if it match with anything in /etc/hosts.allow. This will give back the dynamic name (ie xxxxxxdialup-xx.xx.comcast.com), not the name you register with dyndns.org (no PTR record for that), and thus not match with in /etc/hosts.allow. Anyway, I tried it and it didn't work. Someone correct my explanation if I'm wrong please. RDB -- Reuben D. Budiardja Dept. Physics and Astronomy University of Tennesse, Knoxville, TN -----BEGIN GEEK CODE BLOCK----- Version: 3.12 GIT/M/MU/P/S d-(++) s: a-- C++(+++) UL++++ P-- L+++>++++ E- W+++ N+ o? K- w--- !O M- V? !PS !PE Y PGP- t+ 5 X R- tv+ b++>+++ DI D(+) G e++>++++ h+(*) r++ y->++++ ------END GEEK CODE BLOCK------ -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
