[lug] "ALL: PARANOID" in /etc/hosts.deny

M Katherine Pagoaga pagoaga at boulder.nist.gov
Mon Feb 28 09:02:32 MST 2000

"McIllece, Matthew W" wrote:
> That's pretty slick!  Does hosts_access automatically fill in the IP address
> for %a and the port number for %d?

Yes.  In the hosts_access man page you will see that there are several other
expansions that can be used.  I tried them all and these were the ones I settled
on.  The only other one which might be of interest is %p which gives the pid.
> Does the PARANOID setting not work with the new format?  Why didn't you use
> it?

I hadn't tried it up until now.  We are behind a firewall, so I didn't work with
it for our internal clients to talk to each other.  My version of tcp_wrappers
has paranoid on and the makefile documentation says it will work.  I just
replaced the second ALL with PARANOID it on my personal machine and it lets the
rpc request from a disallowed machine through without a warning e-mail message. 
I would probably have to work with it more to see what the problem is.
Katherine Pagoaga                         e-mail:  pagoaga at boulder.nist.gov
National Institute of Standards and Technology  Fax:  303-497-7696
Mailstop 896, 325 Broadway                    Phone:  303-497-5104
Boulder, CO USA  80303-3328       Opinions expressed do not represent NIST.

More information about the LUG mailing list