On Wed, Feb 23, 2005 at 08:20:35AM +0200, D u n c a n wrote:
> Hi all,
> Fedora Core 2, squirrelmail, sendmail
> How do I securely ensure my hosts.allow and deny is correctly
> configured? At the moment it's configured as such:
>
> hosts.allow
> ALLOW : imapd : 127.0.0.1
> ALLOW : sshd : 10.10.10.2
> ALLOW : smtp : 10.10.10.3
> hosts.deny
> ALL : ALL
>
> I just want to allow access to imapd, sshd and my smarthost.
> Will this kill the DNS service etc.? Suggestions welcome.

First, it will not kill DNS since DNS doesn't use tcp_wrappers. Second, the syntax is incorrect. Third, the service name for sendmail is sendmail, not smtp. You typically want to allow everybody to send you mail. Last, squirrelmail doesn't use tcp_wrappers so I hope you don't expect that to help you here.

Here's what I use for hosts.allow:

    ALL: LOCAL, .ewilts.home, 192.168.0.0/255.255.255.0, 127.0.0.1
    sendmail: ALL
    smtps: ALL

This says to allow all connections from my localhost and my local subnet to every service that uses tcp_wrappers and to accept e-mail from everybody. I've left out the piece where I allow ssh connections from my office subnet but that's easy to add.

> Firewall is too costly

Fedora Core does include iptables but I believe that tcp_wrappers is far easier to understand. You do have to recognize that this does not work for every service - it won't help you for things like dns, ntp, http, etc.

I use tcp_wrappers in addition to a hardware firewall that passes on a few specific ports. A hardware firewall, affectionately known as an LBB (little blue box from Linksys), is fairly inexpensive these days. I saw one (Belkin I think) advertised in last weekend's flyers for $10 after mail-in rebate.

--
Ed Wilts, RHCE
Mounds View, MN, USA
mailto:ewilts@xxxxxxxxxx
Member #1, Red Hat Community Ambassador Program
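The two syntax points raised in the reply above (the first field must be a daemon list, and the daemon name must be the process name) can be checked mechanically. The following is an added example, not part of the original message: a small linter for the `daemon_list : client_list` rule format, run over the file from the question. The `KNOWN` daemon set and the `CORRECTED` file are constructed assumptions, and the parser is simplified (no `daemon@host` patterns or bracketed IPv6 addresses).

```python
import re

# Keywords hosts_access(5) permits inside a daemon list.
DAEMON_KEYWORDS = {"ALL", "EXCEPT"}
# Option keywords that belong in the last field, never in the daemon field.
MISPLACED = {"ALLOW", "DENY"}
# Constructed assumption: process names of the wrapped daemons on this host.
KNOWN = {"imapd", "sshd", "sendmail"}
QUESTION_FILE = "ALLOW : imapd : 127.0.0.1\nALLOW : sshd : 10.10.10.2\nALLOW : smtp : 10.10.10.3\n"
CORRECTED = "imapd: 127.0.0.1\nsshd: 10.10.10.2\nsendmail: ALL\n"  # constructed sample


def logical_lines(text):
    """Yield (lineno, rule); comments dropped, backslash continuations joined."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not buf and (not line or line.startswith("#")):
            continue
        start = start or n
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None


def lint(text, known_daemons):
    """Return [(lineno, message)] for rules that cannot match as intended."""
    findings = []
    for n, rule in logical_lines(text):
        # Simplification: every ':' is treated as a field separator.
        fields = [f.strip() for f in rule.split(":")]
        if len(fields) < 2 or not fields[0] or not fields[1]:
            findings.append((n, "expected 'daemon_list : client_list'"))
            continue
        for d in re.split(r"[,\s]+", fields[0]):
            if d in MISPLACED:
                findings.append((n, f"'{d}' is in the daemon field"))
            elif d not in DAEMON_KEYWORDS and d not in known_daemons:
                findings.append((n, f"'{d}' is not a wrapped daemon on this host"))
    return findings


if __name__ == "__main__":
    for name, text in (("question", QUESTION_FILE), ("corrected", CORRECTED)):
        print(name, lint(text, KNOWN) or "ok")
```

On a host with tcp_wrappers installed, `tcpdchk` and `tcpdmatch` perform the authoritative version of this check against the live files.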