tcp_wrappers
Stephane Bortzmeyer
bortzmeyer at nic.fr
Wed Nov 12 15:53:20 UTC 2003
On Wed, Nov 12, 2003 at 04:13:00PM +0100,
Fridtjof Busse <fbusse at gmx.de> wrote
a message of 18 lines which said:
> But I'd like to block all access in hosts.deny and only allow access to
> all zones via hosts.allow to one host (secondary), no zone-specific
> configuration (so I don't have to add another rule to hosts.allow every
> time I create a new zone).
> Any way to do that?
Here is the way I do it:
ns2:~ % more /etc/hosts.deny
# Block everything
ALL: ALL : spawn /bin/logger -i -p daemon.info "%s REFUSED from %a (%h)" : deny
ns2:~ % more /etc/hosts.allow
# Allow for local network only
axfr: 192.134.4.0/255.255.255.0, 192.134.0.49 : spawn /bin/logger -i -p daemon.info "nsd zone transfer (%s) accepted from %a (%h)" : allow
# Per request from Slovenia
axfr-si: 192.2.1.0/255.255.255.0 : spawn /bin/logger -i -p daemon.info "nsd zone transfer (%s) accepted from %a (%h)" : allow
More information about the nsd-users
mailing list