Re: [leaf-devel] Hosts.deny hosts.allow
Martin Hejl wrote: Hm - I'm not quite sure what you mean. Do you mean that if you hit reply to a mail on the list (instead of reply all) it will only go to the person who wrote the mail, instead of the list? If that's the case, and you really care to know the gory details, it's something that's part of the configuration of all our lists (and it's a good thing ...well that's debatable ;-) I noticed that, while Sourceforge does this as a matter of course, Yahoo! does not For whoever cares about such things... --- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ leaf-devel mailing list leaf-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [leaf-devel] Hosts.deny hosts.allow
Jorn Eriksen wrote: I guess the question would be then - for new users - how will they know what to search for (i.e hosts.deny hosts.allow) when they do not know that is/could be the problem? If a new users take the Floppy, CD or Stick version, add a package (say SNMPD) and open the correct ports in Shorewall and try to get snmp to work (f.ex from MRTG) - it will not work out of the box. My thoughts would be these: * Add comments liberally * Create documentation, both in general (available elsewhere) and within the package being added * Add a script that will configure the proper openings into the firewall and/or tcpwrappers Thoughts? --- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ leaf-devel mailing list leaf-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [leaf-devel] Hosts.deny hosts.allow
On Tue, 2006-05-02 at 07:55, David Douthitt wrote: Martin Hejl wrote: Hm - I'm not quite sure what you mean. Do you mean that if you hit reply to a mail on the list (instead of reply all) it will only go to the person who wrote the mail, instead of the list? If that's the case, and you really care to know the gory details, it's something that's part of the configuration of all our lists (and it's a good thing ...well that's debatable ;-) David, Very, and it usually ends in a flame war. :-( I noticed that, while Sourceforge does this as a matter of course, Yahoo! does not SF isn't the one responsible for this behavior. Mailman defaults this way, and SF is following the Mailman recommended setting. The Mailman Cabal follow RFC's when possible. Munging email header fields isn't recommended for a variety of reasons. Does Yahoo implement list headers? http://www.ietf.org/rfc/rfc2369.txt The preferred solution is mail user agent (MUA) support for reply-to-list. I note you're using Thunderbird. Unfortunately, that MUA doesn't support reply-to-list at this time. Note: there is a mailman patch from Marc Merlin that makes list reply to munging user configurable. I'm not sure if it made it into the 2.1.x releases. http://mail.python.org/pipermail/mailman-developers/2002-March/011104.html For whoever cares about such things... Lots of people do, and it's debated often. :-( https://sourceforge.net/docman/display_doc.php?docid=6695group_id=1#reply_to_munging Reply-To Munging Considered Harmful Reply-To Munging Considered Useful List Reply-To considered harmful, by Marc Merlin (former postmaster for SourceForge.net) -- Mike Noyes mhnoyes at users.sourceforge.net http://sourceforge.net/users/mhnoyes/ SF.net Projects: leaf, phpwebsite, phpwebsite-comm, sitedocs --- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ leaf-devel mailing list leaf-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [leaf-devel] Hosts.deny hosts.allow
On Thu, 27 Apr 2006, Mike Noyes wrote: Date: Thu, 27 Apr 2006 09:11:02 -0700 From: Mike Noyes [EMAIL PROTECTED] To: leaf-devel@lists.sourceforge.net Subject: Re: [leaf-devel] Hosts.deny hosts.allow On Thu, 2006-04-27 at 08:25, Larry Platzek wrote: On Tue, 25 Apr 2006, Martin Hejl wrote: Date: Tue, 25 Apr 2006 12:31:09 +0200 From: Martin Hejl [EMAIL PROTECTED] To: leaf-devel@lists.sourceforge.net Subject: Re: [leaf-devel] Hosts.deny hosts.allow please post plain text messages only - text + HTML can be rejected by the list-server/list-admin. If I am originating the HTML I am sorry. Please let me know as I have looked and do not see HTML and also do not see howto configue pine to send HTML or not/ Larry, The link below should help. Please let me know, if you have any problems. http://www.expita.com/nomime.html#pine -- Mike Noyes mhnoyes at users.sourceforge.net http://sourceforge.net/users/mhnoyes/ SF.net Projects: leaf, phpwebsite, phpwebsite-comm, sitedocs --- Thank you Mike! I did make a change the include- hope this works. One of these days will have to check on why to: in the to field when composing or replying. Larry Platzek [EMAIL PROTECTED] --- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ leaf-devel mailing list leaf-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-devel
RE: [leaf-devel] Hosts.deny hosts.allow
Larry All I think that will work but I hope the documentation will also be changed as It has been the same since LRP day I'll write a little something for that now that I have started to dive into the XLM documentation :-) Best regards Jørn -Original Message- From: Larry Platzek [mailto:[EMAIL PROTECTED] Sent: 25. april 2006 08:40 To: Jorn Eriksen Cc: leaf-devel@lists.sourceforge.net Subject: RE: [leaf-devel] Hosts.deny hosts.allow Hello Jorn All, On Mon, 24 Apr 2006, Jorn Eriksen wrote: Date: Mon, 24 Apr 2006 17:48:26 +0200 From: Jorn Eriksen [EMAIL PROTECTED] To: 'Larry Platzek' [EMAIL PROTECTED] Cc: leaf-devel@lists.sourceforge.net Subject: RE: [leaf-devel] Hosts.deny hosts.allow Hello Larry All, What I wanted was to add a # in front of the etries presently in hosts.deny hosts.allow in order to make other functionallty to work out of the box - without visits to misc files. I think that will work but I hope the documentation will also be changed as It has been the same since LRP days. As I understand these files need to bevisited anyhow, at least with the present setup in the mentioned files, in order to get LEAF to work as special servers with outside access. With functionalty that do not require connections from the outside (that is what I presume modelrailroad would be) my proposal would handle as well. Yes, I do block access from outside my network. I will uncomment the lines to add a little more protection. I expected others to have said some for or against the proposed change. Oh well... Sorry did not reply sooner but have been away from my computers from shortly after emailling my first response. And - we would also take some input to other frequently used lines in the mentioned files that we can add with a # in front. Jorn -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Larry Platzek Sent: 24. april 2006 17:15 To: Jorn Eriksen Cc: leaf-devel@lists.sourceforge.net Subject: Re: [leaf-devel] Hosts.deny hosts.allow On Mon, 24 Apr 2006, Jorn Eriksen wrote: Date: Mon, 24 Apr 2006 15:13:40 +0200 From: Jorn Eriksen [EMAIL PROTECTED] To: leaf-devel@lists.sourceforge.net Subject: [leaf-devel] Hosts.deny hosts.allow Hello All, I was wondering if there is any particular reason why there are entries in hosts.allow hosts.deny in the standard etc.lrp file? Since Shorewall is there, these files just seams to create uneccecary issues. Unless there are some reasons why they are there, I move to remove these entries. Best regards Jørn You man like if shorewall is removed to make room? This images can be used for other things like dealling with model railroading. I will let other reply more if they wish. Larry Platzek [EMAIL PROTECTED] Larry Platzek [EMAIL PROTECTED] --- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid0709bid3057dat1642 ___ leaf-devel mailing list leaf-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-devel
RE: [leaf-devel] Hosts.deny hosts.allow
Hello Jorn All, On Mon, 24 Apr 2006, Jorn Eriksen wrote: Date: Mon, 24 Apr 2006 17:48:26 +0200 From: Jorn Eriksen [EMAIL PROTECTED] To: 'Larry Platzek' [EMAIL PROTECTED] Cc: leaf-devel@lists.sourceforge.net Subject: RE: [leaf-devel] Hosts.deny hosts.allow Hello Larry All, What I wanted was to add a # in front of the etries presently in hosts.deny hosts.allow in order to make other functionallty to work out of the box - without visits to misc files. I think that will work but I hope the documentation will also be changed as It has been the same since LRP days. As I understand these files need to bevisited anyhow, at least with the present setup in the mentioned files, in order to get LEAF to work as special servers with outside access. With functionalty that do not require connections from the outside (that is what I presume modelrailroad would be) my proposal would handle as well. Yes, I do block access from outside my network. I will uncomment the lines to add a little more protection. I expected others to have said some for or against the proposed change. Oh well... Sorry did not reply sooner but have been away from my computers from shortly after emailling my first response. And - we would also take some input to other frequently used lines in the mentioned files that we can add with a # in front. Jorn -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Larry Platzek Sent: 24. april 2006 17:15 To: Jorn Eriksen Cc: leaf-devel@lists.sourceforge.net Subject: Re: [leaf-devel] Hosts.deny hosts.allow On Mon, 24 Apr 2006, Jorn Eriksen wrote: Date: Mon, 24 Apr 2006 15:13:40 +0200 From: Jorn Eriksen [EMAIL PROTECTED] To: leaf-devel@lists.sourceforge.net Subject: [leaf-devel] Hosts.deny hosts.allow Hello All, I was wondering if there is any particular reason why there are entries in hosts.allow hosts.deny in the standard etc.lrp file? Since Shorewall is there, these files just seams to create uneccecary issues. Unless there are some reasons why they are there, I move to remove these entries. Best regards Jørn You man like if shorewall is removed to make room? This images can be used for other things like dealling with model railroading. I will let other reply more if they wish. Larry Platzek [EMAIL PROTECTED] Larry Platzek [EMAIL PROTECTED]
Re: [leaf-devel] Hosts.deny hosts.allow
Hi Larry and Jorn, please post plain text messages only - text + HTML can be rejected by the list-server/list-admin. I expected others to have said some for or against the proposed change. Oh well... This has been discussed about two weeks ago on leaf-user (which was the reason I didn't say anything earlier). See: http://sourceforge.net/mailarchive/forum.php?thread_id=10135863forum_id=5483 The short version is that it's a sane default, and somebody who wants to get rid of libwrap checking can simply add ALL: ALL to hosts.allow. IMHO, the default config should not be as open as possible, but rather as secure as possible, and somebody who wants to open the box to the outside world has to make the change manually. Martin --- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ leaf-devel mailing list leaf-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [leaf-devel] Hosts.deny hosts.allow
Martin Hejl wrote: The short version is that it's a sane default, and somebody who wants to get rid of libwrap checking can simply add ALL: ALL to hosts.allow. IMHO, the default config should not be as open as possible, but rather as secure as possible, and somebody who wants to open the box to the outside world has to make the change manually. Agreed and seconded! As to why, several rules of good security are in play: First is Security in Depth. If the firewall fails or is misconfigured, then the tcpwrappers will be a second line of defense. Second is the rule that states one should close all ports as much as possible. Lastly, consider that tcpwrappers are more flexible than the standard firewall. Logging and other details are done, and the wrappers are used on a per daemon basis. --- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ leaf-devel mailing list leaf-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-devel
RE: [leaf-devel] Hosts.deny hosts.allow
Martin All This has been discussed about two weeks ago on leaf-user (which was the reason I didn't say anything earlier). I've given up trying to floow all the users lists for all my projects thus I did not see that discussion. I've read trough and it seams to me that there is issues with libwrap settings as they are now. Having read trough the comments on commenting out the lines current lines, I rather then suggest we at least put a the following lines in the hosts.allow file - SNIP -- #Uncomment the line below if you soly want to relay on Shorewall for protection. #and place a # in fron of the other lines in this file. #ALL:ALL - SNIP -- A good idea might also be to add a few comments/samples for commonly used applications... Like Tom has done for Shorewall. If we can gather enough samples I can write up a little section for the docs... Jorn -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Martin Hejl Sent: 25. april 2006 12:31 To: leaf-devel@lists.sourceforge.net Subject: Re: [leaf-devel] Hosts.deny hosts.allow Hi Larry and Jorn, please post plain text messages only - text + HTML can be rejected by the list-server/list-admin. I expected others to have said some for or against the proposed change. Oh well... This has been discussed about two weeks ago on leaf-user (which was the reason I didn't say anything earlier). See: http://sourceforge.net/mailarchive/forum.php?thread_id=10135863forum_id=548 3 The short version is that it's a sane default, and somebody who wants to get rid of libwrap checking can simply add ALL: ALL to hosts.allow. IMHO, the default config should not be as open as possible, but rather as secure as possible, and somebody who wants to open the box to the outside world has to make the change manually. Martin --- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ leaf-devel mailing list leaf-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-devel --- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ leaf-devel mailing list leaf-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [leaf-devel] Hosts.deny hosts.allow
On Mon, 24 Apr 2006, Jorn Eriksen wrote: Date: Mon, 24 Apr 2006 15:13:40 +0200 From: Jorn Eriksen [EMAIL PROTECTED] To: leaf-devel@lists.sourceforge.net Subject: [leaf-devel] Hosts.deny hosts.allow Hello All, I was wondering if there is any particular reason why there are entries in hosts.allow hosts.deny in the standard etc.lrp file? Since Shorewall is there, these files just seams to create uneccecary issues. Unless there are some reasons why they are there, I move to remove these entries. Best regards Jørn You man like if shorewall is removed to make room? This images can be used for other things like dealling with model railroading. I will let other reply more if they wish. Larry Platzek [EMAIL PROTECTED]
RE: [leaf-devel] Hosts.deny hosts.allow
Hello Larry All, What I wanted was to add a # in front of the etries presently in hosts.deny hosts.allow in order to make other functionallty to work out of the box - without visits to misc files. As I understand these files need to bevisited anyhow, at least with the present setup in the mentioned files, in order to get LEAF to work as special servers with outside access. With functionalty that do not require connections from the outside (that is what I presume modelrailroad would be) my proposal would handle as well. And - we would also take some input to other frequently used lines in the mentioned files that we can add with a # in front. Jorn -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Larry Platzek Sent: 24. april 2006 17:15 To: Jorn Eriksen Cc: leaf-devel@lists.sourceforge.net Subject: Re: [leaf-devel] Hosts.deny hosts.allow On Mon, 24 Apr 2006, Jorn Eriksen wrote: Date: Mon, 24 Apr 2006 15:13:40 +0200 From: Jorn Eriksen [EMAIL PROTECTED] To: leaf-devel@lists.sourceforge.net Subject: [leaf-devel] Hosts.deny hosts.allow Hello All, I was wondering if there is any particular reason why there are entries in hosts.allow hosts.deny in the standard etc.lrp file? Since Shorewall is there, these files just seams to create uneccecary issues. Unless there are some reasons why they are there, I move to remove these entries. Best regards Jørn You man like if shorewall is removed to make room? This images can be used for other things like dealling with model railroading. I will let other reply more if they wish. Larry Platzek [EMAIL PROTECTED] --- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid0709bid3057dat1642 ___ leaf-devel mailing list leaf-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-devel