[lug] ipchains (another) question

John Karns jkarns at csd.net
Thu Sep 14 23:25:24 MDT 2000


On Thu, 14 Sep 2000, Glenn Murray was reputed to have said:

> Hi,
> 
> I am installing Debian on a box I am intending to use
> as a server and I wish to be able to telnet into it.
> 
> I can telnet in when the input policy is ACCEPT, but
> I'm wondering if it is possible to have a policy of
> DENY and then accept the packets I want to accept.
> 
> This latter system works on my workstation, allowing
> me to telnet, ftp, out (but not in).

This brings up a related question I have.  When attempting to use this
type of mechanism via tcp wrappers (regarding an ftp session, for
example), if I specify 'ALL' in /etc/hosts.deny, then it blocks all
machines and I'm not able to effectively use tcp wrappers.  It's been
a few months since I've done this, but IIRC I saw an error about a reverse
lookup failure on one of the machines (can't remember if it was the
'server' or the 'client').

I should say that I don't use DNS on the home LAN, just /etc/hosts files.  
My gut feeling is that tcp wrappers depends on DNS.  Is this correct?

Prolly ipchains is the way to go with it anyway, but it would be nice to
understand tcp wrappers a little better.

----------------------------------------------------------------------
John Karns                                              jkarns at csd.net
Bogota, Colombia                                  Voice: 57-1-341-0300




