subject:"RE\\\: \\\[leaf\\\-devel\\\] Hosts.deny \\\& hosts.allow"

Re: [leaf-devel] Hosts.deny hosts.allow

2006-05-02 Thread David Douthitt


Martin Hejl wrote:

Hm - I'm not quite sure what you mean. Do you mean that if you hit reply
to a mail on the list (instead of reply all) it will only go to the
person who wrote the mail, instead of the list? If that's the case, and
you really care to know the gory details, it's something that's part of
the configuration of all our lists (and it's a good thing


...well that's debatable ;-)

I noticed that, while Sourceforge does this as a matter of course, 
Yahoo! does not


For whoever cares about such things...


---
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

Re: [leaf-devel] Hosts.deny hosts.allow

2006-05-02 Thread David Douthitt


Jorn Eriksen wrote:

I guess the question would be then - for new users - how will they know what
to search for (i.e hosts.deny hosts.allow) when they do not know that
is/could be the problem?



If a new users take the Floppy, CD or Stick version, add a package (say
SNMPD) and open the correct ports in Shorewall and try to get snmp to work
(f.ex from MRTG) - it will not work out of the box.


My thoughts would be these:

* Add comments liberally
* Create documentation, both in general (available elsewhere) and within 
the package being added
* Add a script that will configure the proper openings into the firewall 
and/or tcpwrappers


Thoughts?



---
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

Re: [leaf-devel] Hosts.deny hosts.allow

2006-05-02 Thread Mike Noyes

On Tue, 2006-05-02 at 07:55, David Douthitt wrote:
 Martin Hejl wrote:
  Hm - I'm not quite sure what you mean. Do you mean that if you hit reply
  to a mail on the list (instead of reply all) it will only go to the
  person who wrote the mail, instead of the list? If that's the case, and
  you really care to know the gory details, it's something that's part of
  the configuration of all our lists (and it's a good thing
 
 ...well that's debatable ;-)

David,
Very, and it usually ends in a flame war. :-(

 I noticed that, while Sourceforge does this as a matter of course, 
 Yahoo! does not

SF isn't the one responsible for this behavior. Mailman defaults this
way, and SF is following the Mailman recommended setting.

The Mailman Cabal follow RFC's when possible. Munging email header
fields isn't recommended for a variety of reasons.

Does Yahoo implement list headers?
http://www.ietf.org/rfc/rfc2369.txt

The preferred solution is mail user agent (MUA) support for
reply-to-list. I note you're using Thunderbird. Unfortunately, that MUA
doesn't support reply-to-list at this time.

Note: there is a mailman patch from Marc Merlin that makes list
reply to munging user configurable. I'm not sure if it made it
into the 2.1.x releases.


http://mail.python.org/pipermail/mailman-developers/2002-March/011104.html

 For whoever cares about such things...

Lots of people do, and it's debated often. :-(


https://sourceforge.net/docman/display_doc.php?docid=6695group_id=1#reply_to_munging
Reply-To Munging Considered Harmful
Reply-To Munging Considered Useful
List Reply-To considered harmful, by Marc Merlin (former
postmaster for SourceForge.net)

-- 
Mike Noyes mhnoyes at users.sourceforge.net
http://sourceforge.net/users/mhnoyes/
SF.net Projects: leaf, phpwebsite, phpwebsite-comm, sitedocs



---
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

Re: [leaf-devel] Hosts.deny hosts.allow

2006-04-28 Thread Larry Platzek

On Thu, 27 Apr 2006, Mike Noyes wrote:

Date: Thu, 27 Apr 2006 09:11:02 -0700
From: Mike Noyes [EMAIL PROTECTED]
To: leaf-devel@lists.sourceforge.net
Subject: Re: [leaf-devel] Hosts.deny  hosts.allow

On Thu, 2006-04-27 at 08:25, Larry Platzek wrote:

On Tue, 25 Apr 2006, Martin Hejl wrote:

Date: Tue, 25 Apr 2006 12:31:09 +0200
From: Martin Hejl [EMAIL PROTECTED]
To: leaf-devel@lists.sourceforge.net
Subject: Re: [leaf-devel] Hosts.deny  hosts.allow

please post plain text messages only - text + HTML can be rejected by
the list-server/list-admin.

If I am originating the HTML I am sorry. Please let me know as I have
looked and do not see HTML and also do not see howto configue pine to
send HTML  or not/

Larry,
The link below should help. Please let me know, if you have any
problems.

   http://www.expita.com/nomime.html#pine

--
Mike Noyes mhnoyes at users.sourceforge.net
http://sourceforge.net/users/mhnoyes/
SF.net Projects: leaf, phpwebsite, phpwebsite-comm, sitedocs

---

Thank you Mike!
I did make a change the include- hope this works.

One of these days will have to check on why to: in the to field when 
composing or replying.

Larry Platzek  [EMAIL PROTECTED]

---
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

RE: [leaf-devel] Hosts.deny hosts.allow

2006-04-25 Thread Jorn Eriksen

Larry  All

I think that will work but I hope the  documentation will also be changed
as It has been the same since LRP day
I'll write a little something for that now that I have started to dive into
the XLM documentation :-)

Best regards
Jørn


-Original Message-
From: Larry Platzek [mailto:[EMAIL PROTECTED]
Sent: 25. april 2006 08:40
To: Jorn Eriksen
Cc: leaf-devel@lists.sourceforge.net
Subject: RE: [leaf-devel] Hosts.deny  hosts.allow


Hello Jorn  All,

On Mon, 24 Apr 2006, Jorn Eriksen wrote:

 Date: Mon, 24 Apr 2006 17:48:26 +0200
 From: Jorn Eriksen [EMAIL PROTECTED]
 To: 'Larry Platzek' [EMAIL PROTECTED]
 Cc: leaf-devel@lists.sourceforge.net
 Subject: RE: [leaf-devel] Hosts.deny  hosts.allow

 Hello Larry  All,

 What I wanted was to add a # in front of the etries presently in
 hosts.deny  hosts.allow
 in order to make other functionallty to work out of the box - without
visits
 to misc files.
I think that will work but I hope the  documentation will also be changed
as It has been the same since LRP days.


 As I understand these files need to bevisited anyhow, at least with the
 present setup in the mentioned files, in order to get LEAF to work as
 special servers with outside access.  With functionalty that do not
require
 connections from the outside (that is what I presume modelrailroad would
be)
 my proposal would handle as well.
Yes, I do block access from outside my network. I will uncomment the lines
to add a little more protection.

I expected others to have said some for or against the proposed change.
Oh well...

Sorry did not reply sooner but have been away from my computers from
shortly after emailling my first response.


 And - we would also take some input to other frequently used lines in the
 mentioned files that we can add with a # in front.

 Jorn
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Larry
 Platzek
 Sent: 24. april 2006 17:15
 To: Jorn Eriksen
 Cc: leaf-devel@lists.sourceforge.net
 Subject: Re: [leaf-devel] Hosts.deny  hosts.allow


 On Mon, 24 Apr 2006, Jorn Eriksen wrote:

 Date: Mon, 24 Apr 2006 15:13:40 +0200
 From: Jorn Eriksen [EMAIL PROTECTED]
 To: leaf-devel@lists.sourceforge.net
 Subject: [leaf-devel] Hosts.deny  hosts.allow

 Hello All,

 I was wondering if there is any particular reason why there are entries
in
 hosts.allow  hosts.deny in the standard etc.lrp file?  Since Shorewall
is
 there, these files just seams to create uneccecary issues. Unless there
 are
 some reasons why they are there, I move to remove these entries.

 Best regards
 Jørn

 You man like if shorewall is removed to make room?
 This images can be used for other things like dealling with model
 railroading.
 I will let other reply more if they wish.

 Larry Platzek  [EMAIL PROTECTED]


Larry Platzek  [EMAIL PROTECTED]



---
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid0709bid3057dat1642

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

RE: [leaf-devel] Hosts.deny hosts.allow

2006-04-25 Thread Larry Platzek

Hello Jorn  All,

On Mon, 24 Apr 2006, Jorn Eriksen wrote:

Date: Mon, 24 Apr 2006 17:48:26 +0200
From: Jorn Eriksen [EMAIL PROTECTED]
To: 'Larry Platzek' [EMAIL PROTECTED]
Cc: leaf-devel@lists.sourceforge.net
Subject: RE: [leaf-devel] Hosts.deny  hosts.allow

Hello Larry  All,

What I wanted was to add a # in front of the etries presently in
hosts.deny  hosts.allow
in order to make other functionallty to work out of the box - without visits
to misc files.
I think that will work but I hope the  documentation will also be changed 
as It has been the same since LRP days.

As I understand these files need to bevisited anyhow, at least with the
present setup in the mentioned files, in order to get LEAF to work as
special servers with outside access.  With functionalty that do not require
connections from the outside (that is what I presume modelrailroad would be)
my proposal would handle as well.
Yes, I do block access from outside my network. I will uncomment the lines 
to add a little more protection.

I expected others to have said some for or against the proposed change.
Oh well...

Sorry did not reply sooner but have been away from my computers from 
shortly after emailling my first response.

And - we would also take some input to other frequently used lines in the
mentioned files that we can add with a # in front.

Jorn
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Larry
Platzek
Sent: 24. april 2006 17:15
To: Jorn Eriksen
Cc: leaf-devel@lists.sourceforge.net
Subject: Re: [leaf-devel] Hosts.deny  hosts.allow

On Mon, 24 Apr 2006, Jorn Eriksen wrote:

Date: Mon, 24 Apr 2006 15:13:40 +0200
From: Jorn Eriksen [EMAIL PROTECTED]
To: leaf-devel@lists.sourceforge.net
Subject: [leaf-devel] Hosts.deny  hosts.allow

Hello All,

I was wondering if there is any particular reason why there are entries in
hosts.allow  hosts.deny in the standard etc.lrp file?  Since Shorewall is
there, these files just seams to create uneccecary issues. Unless there

are

some reasons why they are there, I move to remove these entries.

Best regards
Jørn

You man like if shorewall is removed to make room?
This images can be used for other things like dealling with model
railroading.
I will let other reply more if they wish.

Larry Platzek  [EMAIL PROTECTED]

Larry Platzek  [EMAIL PROTECTED]

Re: [leaf-devel] Hosts.deny hosts.allow

2006-04-25 Thread Martin Hejl

Hi Larry and Jorn,

please post plain text messages only - text + HTML can be rejected by
the list-server/list-admin.

 I expected others to have said some for or against the proposed change.
 Oh well...
This has been discussed about two weeks ago on leaf-user (which was the
reason I didn't say anything earlier).

See:
http://sourceforge.net/mailarchive/forum.php?thread_id=10135863forum_id=5483

The short version is that it's a sane default, and somebody who wants to
get rid of libwrap checking can simply add ALL: ALL to hosts.allow.
IMHO, the default config should not be as open as possible, but rather
as secure as possible, and somebody who wants to open the box to the
outside world has to make the change manually.

Martin



---
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

Re: [leaf-devel] Hosts.deny hosts.allow

2006-04-25 Thread David Douthitt


Martin Hejl wrote:

The short version is that it's a sane default, and somebody who wants to
get rid of libwrap checking can simply add ALL: ALL to hosts.allow.
IMHO, the default config should not be as open as possible, but rather
as secure as possible, and somebody who wants to open the box to the
outside world has to make the change manually.


Agreed and seconded!

As to why, several rules of good security are in play:

First is Security in Depth.  If the firewall fails or is 
misconfigured, then the tcpwrappers will be a second line of defense.


Second is the rule that states one should close all ports as much as 
possible.


Lastly, consider that tcpwrappers are more flexible than the standard 
firewall.  Logging and other details are done, and the wrappers are used 
on a per daemon basis.



---
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

RE: [leaf-devel] Hosts.deny hosts.allow

2006-04-25 Thread Jorn Eriksen

Martin  All

This has been discussed about two weeks ago on leaf-user (which was the
reason I didn't say anything earlier).
I've given up trying to floow all the users lists for all my projects thus I
did not see that discussion.  I've read trough and it seams to me that there
is issues with libwrap settings as they are now.

Having read trough the comments on commenting out the lines current lines, I
rather then suggest we at least put a the following lines in the hosts.allow
file
- SNIP --
#Uncomment the line below if you soly want to relay on Shorewall for
protection.
#and place a # in fron of the other lines in this file.
#ALL:ALL
- SNIP --

A good idea might also be to add a few comments/samples for commonly used
applications... Like Tom has done for Shorewall.

If we can gather enough samples I can write up a little section for the
docs...

Jorn


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Martin Hejl
Sent: 25. april 2006 12:31
To: leaf-devel@lists.sourceforge.net
Subject: Re: [leaf-devel] Hosts.deny  hosts.allow


Hi Larry and Jorn,

please post plain text messages only - text + HTML can be rejected by
the list-server/list-admin.

 I expected others to have said some for or against the proposed change.
 Oh well...
This has been discussed about two weeks ago on leaf-user (which was the
reason I didn't say anything earlier).

See:
http://sourceforge.net/mailarchive/forum.php?thread_id=10135863forum_id=548
3

The short version is that it's a sane default, and somebody who wants to
get rid of libwrap checking can simply add ALL: ALL to hosts.allow.
IMHO, the default config should not be as open as possible, but rather
as secure as possible, and somebody who wants to open the box to the
outside world has to make the change manually.

Martin



---
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job
easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel



---
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

Re: [leaf-devel] Hosts.deny hosts.allow

2006-04-24 Thread Larry Platzek

On Mon, 24 Apr 2006, Jorn Eriksen wrote:

Date: Mon, 24 Apr 2006 15:13:40 +0200
From: Jorn Eriksen [EMAIL PROTECTED]
To: leaf-devel@lists.sourceforge.net
Subject: [leaf-devel] Hosts.deny  hosts.allow

Hello All,

I was wondering if there is any particular reason why there are entries in
hosts.allow  hosts.deny in the standard etc.lrp file?  Since Shorewall is
there, these files just seams to create uneccecary issues. Unless there are
some reasons why they are there, I move to remove these entries.

Best regards
Jørn

You man like if shorewall is removed to make room?
This images can be used for other things like dealling with model 
railroading.

I will let other reply more if they wish.

Larry Platzek  [EMAIL PROTECTED]

RE: [leaf-devel] Hosts.deny hosts.allow

2006-04-24 Thread Jorn Eriksen

Hello Larry  All,

What I wanted was to add a # in front of the etries presently in
hosts.deny  hosts.allow
in order to make other functionallty to work out of the box - without visits
to misc files.

As I understand these files need to bevisited anyhow, at least with the
present setup in the mentioned files, in order to get LEAF to work as
special servers with outside access.  With functionalty that do not require
connections from the outside (that is what I presume modelrailroad would be)
my proposal would handle as well.

And - we would also take some input to other frequently used lines in the
mentioned files that we can add with a # in front.

Jorn
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Larry
Platzek
Sent: 24. april 2006 17:15
To: Jorn Eriksen
Cc: leaf-devel@lists.sourceforge.net
Subject: Re: [leaf-devel] Hosts.deny  hosts.allow


On Mon, 24 Apr 2006, Jorn Eriksen wrote:

 Date: Mon, 24 Apr 2006 15:13:40 +0200
 From: Jorn Eriksen [EMAIL PROTECTED]
 To: leaf-devel@lists.sourceforge.net
 Subject: [leaf-devel] Hosts.deny  hosts.allow

 Hello All,

 I was wondering if there is any particular reason why there are entries in
 hosts.allow  hosts.deny in the standard etc.lrp file?  Since Shorewall is
 there, these files just seams to create uneccecary issues. Unless there
are
 some reasons why they are there, I move to remove these entries.

 Best regards
 Jørn

You man like if shorewall is removed to make room?
This images can be used for other things like dealling with model
railroading.
I will let other reply more if they wish.

Larry Platzek  [EMAIL PROTECTED]



---
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid0709bid3057dat1642

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

Re: [leaf-devel] Hosts.deny hosts.allow

Re: [leaf-devel] Hosts.deny hosts.allow

Re: [leaf-devel] Hosts.deny hosts.allow

Re: [leaf-devel] Hosts.deny hosts.allow

RE: [leaf-devel] Hosts.deny hosts.allow

RE: [leaf-devel] Hosts.deny hosts.allow

Re: [leaf-devel] Hosts.deny hosts.allow

Re: [leaf-devel] Hosts.deny hosts.allow

RE: [leaf-devel] Hosts.deny hosts.allow

Re: [leaf-devel] Hosts.deny hosts.allow

RE: [leaf-devel] Hosts.deny hosts.allow

11 matches

Site Navigation

Mail list logo

Footer information