On Wed, 8 Sep 2004, Reuben D. Budiardja wrote:
> On Wednesday 08 September 2004 13:06, Jerry Winegarden wrote:
> > On Sat, 4 Sep 2004, Mike Burger wrote:
> > > On Sat, 4 Sep 2004, Volker Kindermann wrote:
> > > > Hi,
> > > >
> > > > > I'm willing to open up my box to a subnet xxx.xxx.xxx.0 but so far
> > > > > the range of ip addresses he is getting is so large, it will defeat
> > > > > the purpose to blocking ssh because I would have to open up to so
> > > > > many ranges. Is there any solution?
> > > > <snip>
> >
> > > Hmm...alternately, he could use TCPWrappers. In /etc/hosts.deny, add:
> > >
> > > "sshd: ALL"
> > >
> > > And in /etc/hosts.allow, add:
> >
> > sshd: remotesysname.dyndns.org
>
> I don't think that would work. If I understand things correctly, if you have
> domain name in /etc/hosts.allow, tcpwrappers will do a reverse lookup to see
> if it matches with anything in /etc/hosts.allow. This will give back the
> dynamic name (ie xxxxxxdialup-xx.xx.comcast.com), not the name you register
> with dyndns.org (no PTR record for that), and thus not match with in
> /etc/hosts.allow.
>
> Anyway, I tried it and it didn't work. Someone correct my explanation if I'm
> wrong please.
>

I think it would work if you pointed your nameserver entries in your
/etc/resolv.conf file to the name servers of the dyndns.org. Then the
reverse lookup *should* work, I think.

Ben
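
Added example, not part of the original thread: a simplified Python model of the matching Reuben describes, where a host name in /etc/hosts.allow is compared with the name returned by the reverse lookup of the client address. The DNS tables, the address 203.0.113.25 and the name dialup-25.isp.example are constructed, and real tcp_wrappers supports more pattern types than the ones modelled here.

```python
# Simplified model of tcp_wrappers host name matching (added example).
# Constructed DNS data: the ISP owns the reverse (PTR) zone, while the
# dynamic-DNS name exists only as a forward (A) record.
PTR = {"203.0.113.25": "dialup-25.isp.example"}
A = {"dialup-25.isp.example": ["203.0.113.25"],
     "remotesysname.dyndns.org": ["203.0.113.25"]}

def client_name(ip):
    """Name taken from the PTR record, kept only if it resolves back to ip."""
    name = PTR.get(ip)
    return name if name and ip in A.get(name, []) else None

def pattern_matches(pattern, ip, name):
    pattern = pattern.lower()
    if pattern == "all":
        return True
    if pattern.startswith("."):            # ".isp.example": domain suffix
        return bool(name) and name.endswith(pattern)
    if pattern.endswith("."):              # "203.0.113.": address prefix
        return ip.startswith(pattern)
    return pattern in (ip, name)           # exact address or exact host name

def parse_rules(text):
    """Yield (daemons, clients) from 'daemon_list : client_list' lines."""
    for line in text.splitlines():
        fields = line.strip().split(":")
        if line.strip().startswith("#") or len(fields) < 2:
            continue
        yield (fields[0].replace(",", " ").split(),
               fields[1].replace(",", " ").split())

def allowed(daemon, ip, hosts_allow, hosts_deny):
    """hosts.allow is consulted first, then hosts.deny; no match grants access."""
    name = client_name(ip)
    def hit(text):
        return any((daemon in daemons or "ALL" in daemons)
                   and any(pattern_matches(p, ip, name) for p in clients)
                   for daemons, clients in parse_rules(text))
    if hit(hosts_allow):
        return True
    return not hit(hosts_deny)

if __name__ == "__main__":
    deny = "sshd: ALL"
    for allow in ("sshd: remotesysname.dyndns.org", "sshd: .isp.example"):
        print(allow, "->", allowed("sshd", "203.0.113.25", allow, deny))
```

In this model the dyndns entry is refused because the client is only ever known by its PTR name; a rule written against the reverse name or the address prefix is what matches.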