#ident "@(#)ETC:$Name$:$Id$"
#
# hosts.allow - tcp_wrappers / libwrap.a control
#
# WARNING: this example permits the private network 192.168.1.0!
# NOTE(review): the ALLOW rules below also list 10.0.1.0/255.255.255.0;
# replace both networks with your own before installing this file.
#
# First match wins. See also /etc/hosts.deny, if it exists.
#
# See also both hosts_access(5) and hosts_options(5).
#
# Every service below follows the same three-step pattern, and the order
# matters because the first matching rule decides:
#   1. PARANOID - refuse clients whose host name does not match their address
#   2. ALLOW    - the explicitly listed addresses and networks
#   3. ALL:DENY - refuse everything else for that daemon
#
# rpcbind: loopback and the two listed networks only.
#
rpcbind:PARANOID:DENY
rpcbind:127.0.0.1, 192.168.1.0/255.255.255.0 10.0.1.0/255.255.255.0 :ALLOW
rpcbind:ALL:DENY
#
# snmpd: loopback and the two listed networks only.
#
snmpd:PARANOID:DENY
snmpd:127.0.0.1, 192.168.1.0/255.255.255.0 10.0.1.0/255.255.255.0 :ALLOW
snmpd:ALL:DENY
#
# tftpd: the two listed networks only (loopback is not in this list).
#
tftpd:PARANOID:DENY
tftpd:192.168.1.0/255.255.255.0 10.0.1.0/255.255.255.0 :ALLOW
#
# Any other tftp client is refused, logged at auth.notice, and reported by
# mail to "staff" together with the output of a finger query sent back to
# the client host.  %s is the server (daemon@host), %p the daemon process
# id, %c the client (user@host) and %h the client host name or address;
# hosts_access(5) says characters in % expansions that could confuse the
# shell are replaced by underscores.
#
# NOTE(review): hosts_access(5) recommends the safe_finger command shipped
# with tcp_wrappers for this kind of reverse finger, because the reply is
# data chosen by the remote host; this rule calls /usr/bin/finger directly.
# NOTE(review): tftp runs over UDP, where no handshake verifies the source
# address, so the host fingered and named in the mail may not be the real
# sender, and every refused request costs one outbound finger and one mail.
#
tftpd:ALL:spawn ((echo "%s[%p] refused connection from %c\n\n"; /usr/bin/finger -l @%h) | /usr/bin/Mail -s "tftp attempt" staff) &:severity auth.notice:DENY
#
# NOTE(review): the rule above already matches ALL and ends in DENY, so the
# next line is only reached if that rule is removed or commented out.
#
tftpd:ALL:DENY
#
# NOTE: these are not needed with the new fingerd
#fingerd:PARANOID:rfc931:banners /etc/banners-deny:DENY
#fingerd:ALL:banners /etc/banners:ALLOW
#
# ftpd: open to every address that passes the PARANOID check; there is no
# network restriction here, so access control is left to ftpd itself.
# "banners DIR" sends the client the file in DIR named after the daemon.
# "rfc931" asks the client host for the remote user name; that answer is
# supplied by the client side and is only as trustworthy as that host, so
# treat it as a logging aid rather than as authentication.
#
ftpd:PARANOID:rfc931:banners /etc/banners-deny:DENY
ftpd:ALL:rfc931:banners /etc/banners:ALLOW
#
# rlogind: loopback and the two listed networks only.
# NOTE(review): the address filter limits who may connect; it does not
# protect the login session itself from hosts inside the allowed networks.
#
rlogind:PARANOID:rfc931:banners /etc/banners-deny:DENY
rlogind:127.0.0.1, 192.168.1.0/255.255.255.0 10.0.1.0/255.255.255.0 :rfc931:banners /etc/banners:ALLOW
rlogind:ALL:DENY
#
# NOTE: the 'paranoid' check is not needed if you use "rshd -a"
# NOTE(review): with the rule below commented out, the name/address check
# for rsh depends entirely on rshd really being started with -a; confirm
# that in the inetd configuration, or re-enable the rule.
#rshd:PARANOID:rfc931:DENY
rshd:127.0.0.1, 192.168.1.0/255.255.255.0 10.0.1.0/255.255.255.0 :rfc931:ALLOW
rshd:ALL:DENY
#
# telnetd: loopback and the two listed networks only.
#
telnetd:PARANOID:rfc931:banners /etc/banners-deny:DENY
telnetd:127.0.0.1, 192.168.1.0/255.255.255.0 10.0.1.0/255.255.255.0 :rfc931:banners /etc/banners:ALLOW
telnetd:ALL:DENY
#
# sshd: allowed from every address, with no PARANOID check and no network
# restriction; access control is left to sshd's own authentication.
#
sshd:ALL:ALLOW
#
# paranoid match for everything else
#
# NOTE(review): while the rule below stays commented out, a wrapped daemon
# that matches nothing above is not refused by this file.  Per
# hosts_access(5) it is then checked against /etc/hosts.deny and is granted
# access if nothing matches there either.  Enable this rule (or keep an
# equivalent catch-all in /etc/hosts.deny) to get default-deny behaviour.
#
#ALL:ALL:banners /etc/banners-deny:DENY