At 06:38 AM 1/14/2002 +0100, you wrote:
On Monday 14 January 2002 06.29, JW wrote:
However, I tried copying SuSE's entry for http-rman and it does no good, I can still log in from anywhere. (which makes me think it's insecure too - can anyone explain that?)
This is wrong. telnet by itself is no more insecure than any other service that allows logins from the net. Its insecurity comes from the fact that it sends passwords (and everything else) in cleartext. So it's only insecure if you actually use it over the net.
I think you misunderstood what I meant. I was sorta saying that since that syntax didn't work for telnet, I have doubts that it works for http-rman either. But it's an irrelevant point anyway...
IF someone could tell me the syntax for denying telnet to everything _except_ 10.0.0* I'd really appreciate it.
in /etc/hosts.deny

    ALL:ALL

or, if you have other services with specific permissions, use

    in.telnetd: ALL

Thank you, thank you, that works good without blocking FTP (important)
in /etc/hosts.allow

    in.telnetd: 10.0.0.*

should do it.
Unfortunately it didn't - I got refused from 10.0.0.8 and 10.0.0.9. I also tried:

    in.telnetd: 10.0.0.*.

because one article I found on the web said numerical addresses needed to end in a . and hostnames needed to start with a dot. What ended up working correctly is (in /etc/hosts.allow):

    in.telnetd: 10.0.0.

Thank you very much - I didn't realize you _had_ to use both hosts.deny and hosts.allow.
regards Anders
----------------------------------------------------
Jonathan Wilson
System Administrator
Cedar Creek Software http://www.cedarcreeksoftware.com
Central Texas IT http://www.centraltexasit.com
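
Added example (not part of the original messages): a simplified Python model of the hosts.allow / hosts.deny evaluation discussed in this thread, showing why the 10.0.0. prefix works and why an allow entry alone restricts nothing. It covers only ALL, address prefixes ending in a dot, hostname suffixes starting with a dot, and exact matches, and treats * literally, matching the behaviour reported above; the daemon name in.ftpd and the address 192.168.1.5 are assumptions.

```python
# Simplified model of TCP wrappers access control (see hosts_access(5)).
# Not the tcpd implementation: no net/mask, EXCEPT, IPv6 or shell commands.

def client_matches(pattern, addr, host=None):
    """Return True if one client pattern matches the connecting client."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):            # "10.0.0." -> address prefix match
        return addr.startswith(pattern)
    if pattern.startswith("."):          # ".example.com" -> hostname suffix match
        return host is not None and host.lower().endswith(pattern.lower())
    # Anything else is compared literally, so "10.0.0.*" matches no real address.
    return pattern == addr or (host is not None and pattern.lower() == host.lower())

def parse(text):
    """Parse 'daemon_list : client_list' lines into (daemons, clients) tuples."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def access(daemon, addr, allow_text, deny_text, host=None):
    """hosts.allow is checked first, then hosts.deny; no match at all means allow."""
    def hit(rules):
        return any((daemon in d or "ALL" in d) and
                   any(client_matches(c, addr, host) for c in cl)
                   for d, cl in rules)
    if hit(parse(allow_text)):
        return "allow"
    if hit(parse(deny_text)):
        return "deny"
    return "allow"

# Constructed sample files mirroring the entries tried in the thread.
DENY = "in.telnetd: ALL"
ALLOW_PREFIX = "in.telnetd: 10.0.0."     # the entry that worked
ALLOW_STAR = "in.telnetd: 10.0.0.*"      # the entry that was refused

if __name__ == "__main__":
    for label, allow in (("prefix", ALLOW_PREFIX), ("star", ALLOW_STAR)):
        for addr in ("10.0.0.8", "192.168.1.5"):
            print(label, addr, access("in.telnetd", addr, allow, DENY))
    # With an empty hosts.deny the allow entry restricts nothing.
    print("no deny", access("in.telnetd", "192.168.1.5", ALLOW_PREFIX, ""))
```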