aboutsummaryrefslogblamecommitdiff
path: root/etc/hosts.allow
blob: 8f9aa22ab0c7d0c46af66c15a46a0b28e4066513 (plain) (tree) 
f8b0e8c9ff02

e54b3aebe0a9

9b7a44a60e11

f8b0e8c9ff02

99d2860f1bc4


e54b3aebe0a9


f8b0e8c9ff02

dfe43144ffaf









f8b0e8c9ff02



6a5f5da7090b

f8b0e8c9ff02




6a5f5da7090b

f8b0e8c9ff02




8172e29086d5




f8b0e8c9ff02

be8302343e93






f8b0e8c9ff02


6a5f5da7090b


f8b0e8c9ff02


87178415f453






6a5f5da7090b

dfe43144ffaf

99d2860f1bc4



6a5f5da7090b

f8b0e8c9ff02

6a5f5da7090b



f8b0e8c9ff02









b1be9320f38d

f8b0e8c9ff02

b1be9320f38d

f8b0e8c9ff02

1

2

3

4

5
6

7
8

9

10
11
12
13
14
15
16
17
18

19
20
21

22

23
24
25
26

27

28
29
30
31

32
33
34
35

36

37
38
39
40
41
42

43
44

45
46

47
48

49
50
51
52
53
54

55

56

57
58
59

60

61

62
63
64

65
66
67
68
69
70
71
72
73

74

75

76

77

 
                                                                 
           
 

                                                                    

                                                         
 








                                                                      


                                                                  
                                                    



                                                          
                                         



                                                    



                                                                     
 





                                                     

                                                                 

                                           

                      





                                                                 
                                                            
                                                          


                                            
 
                                               


                                       








                                                                         
                                        
           
                              
                                                                  
#
# hosts.allow access control file for "tcp wrapped" applications.
# $FreeBSD$
#
# NOTE: The hosts.deny file is deprecated.
#       Place both 'allow' and 'deny' rules in the hosts.allow file.
#	See hosts_options(5) for the format of this file.
#	hosts_access(5) no longer fully applies.

#	 _____                                      _          _ 
#	| ____| __  __   __ _   _ __ ___    _ __   | |   ___  | |
#	|  _|   \ \/ /  / _` | | '_ ` _ \  | '_ \  | |  / _ \ | |
#	| |___   >  <  | (_| | | | | | | | | |_) | | | |  __/ |_|
#	|_____| /_/\_\  \__,_| |_| |_| |_| | .__/  |_|  \___| (_)
#					   |_|                   
# !!! This is an example! You will need to modify it for your specific
# !!! requirements!


# Start by allowing everything (this prevents the rest of the file
# from working, so remove it when you need protection).
# The rules here work on a "First match wins" basis.
ALL : ALL : allow

# Wrapping sshd(8) is not normally a good idea, but if you
# need to do it, here's how
#sshd : .evil.cracker.example.com : deny 

# Prevent those with no reverse DNS from connecting.
ALL : PARANOID : RFC931 20 : deny

# Allow anything from localhost.  Note that an IP address (not a host
# name) *MUST* be specified for portmap(8).
ALL : localhost 127.0.0.1 : allow
ALL : my.machine.example.com 192.0.2.35 : allow

# To use IPv6 addresses you must enclose them in []'s
ALL : [fe80::%fxp0]/10 : allow
ALL : [fe80::]/10 : deny
ALL : [3ffe:fffe:2:1:2:3:4:3fe1] : deny
ALL : [3ffe:fffe:2:1::]/64 : allow

# Sendmail can help protect you against spammers and relay-rapers
sendmail : localhost : allow
sendmail : .nice.guy.example.com : allow
sendmail : .evil.cracker.example.com : deny
sendmail : ALL : allow

# Exim is an alternative to sendmail, available in the ports tree
exim : localhost : allow
exim : .nice.guy.example.com : allow
exim : .evil.cracker.example.com : deny
exim : ALL : allow

# Portmapper is used for all RPC services; protect your NFS!
# (IP addresses rather than hostnames *MUST* be used here)
portmap : 192.0.2.32/255.255.255.224 : allow
portmap : 192.0.2.96/255.255.255.224 : allow
portmap : ALL : deny

# Provide a small amount of protection for ftpd
ftpd : localhost : allow
ftpd : .nice.guy.example.com : allow
ftpd : .evil.cracker.example.com : deny
ftpd : ALL : allow

# You need to be clever with finger; do _not_ backfinger!! You can easily
# start a "finger war".
fingerd : ALL \
	: spawn (echo Finger. | \
	 /usr/bin/mail -s "tcpd\: %u@%h[%a] fingered me!" root) & \
	: deny

# The rest of the daemons are protected.
ALL : ALL \
	: severity auth.info \
	: twist /bin/echo "You are not welcome to use %d from %h."
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-23 19:00:26 +0000