rh9中的vsftpd，tcp-wrapper如何控制安全

sunaska

恩，应该是反向解析的问题，偶再做做实验看，因为偶的dns反向解析就简单地做了一下，主要做的还是正向的！而且既然能控制ip，那么tcp-wrapper的确是正常工作的。

大坏羊

你man hosts.deny，里面有几个选项UNKNOWN PARANOID ALL KNOWN
对解析问题比较有用

       ALL    The universal wildcard, always matches.

       LOCAL  Matches any host whose name does not contain a dot character.

       UNKNOWN
              Matches  any  user  whose  name is unknown, and matches any host
              whose name or address are unknown.  This pattern should be  used
              with  care:  host names may be unavailable due to temporary name
              server problems. A network address will be unavailable when  the
              software  cannot  figure  out what type of network it is talking
              to.

       KNOWN  Matches any user whose name is known, and matches any host whose
              name  and  address  are  known. This pattern should be used with
              care: host names may be unavailable due to temporary name server
              problems.   A network address will be unavailable when the soft-
              ware cannot figure out what type of network it is talking to.

       PARANOID
              Matches any host whose name does not match  its  address.   When
              tcpd  is built with -DPARANOID (default mode), it drops requests
              from such clients even before  looking  at  the  access  control
              tables.   Build  without  -DPARANOID  when you want more control
              over such requests.