Am 10.09.2011 19:21, schrieb a.sm...@ukgrid.net: > Hi Walter/all, > > ok nailed it, the issue is the default hosts.allow installed on FreeBSD, > and specifically the last section that > denies everything. By default it looks like this: > > # The rest of the daemons are protected. > ALL : ALL \ > : severity auth.info \ > : twist /bin/echo "You are not welcome to use %d from %h." > > The twist command breaks it. In theory this is just meant to send a custom > message back to the application calling > the tcp wrapper library. I'm not sure if this should work in theory or not, > but the twist command is also meant to > close the connection so possibly the behaviour I see is normal and just not > compatible with MySQL. > > Anyway, its not a great default for FreeBSD given that MySQL also installs by > default with support for tcp > wrappers. The two together results in a broken configuration.
well, and that is why i said nobody is using hosts.allow in real life if you want to protect anything use packet-filters i have seen so many peopole typing something in hosts.allow and not realizing that the service is not using tcp-wrappers which means there is no protection - additionaly most peopole doe snot test their configurations really well the point of "not testing configurations" affects you too because if you would have tested this the issue would have been happened after the first connection long before go in production
signature.asc
Description: OpenPGP digital signature
