Re: [leaf-devel] Hosts.deny & hosts.allow

[Mike Noyes]

On Tue, 2006-05-02 at 07:55, David Douthitt wrote:
> Martin Hejl wrote:
> > Hm - I'm not quite sure what you mean. Do you mean that if you hit reply
> > to a mail on the list (instead of "reply all") it will only go to the
> > person who wrote the mail, instead of the list? If that's the case, and
> > you really care to know the gory details, it's something that's part of
> > the configuration of all our lists (and it's a good thing
> 
> ...well that's debatable ;-)

David,
Very, and it usually ends in a flame war. :-(

> I noticed that, while Sourceforge does this as a matter of course, 
> Yahoo! does not

SF isn't the one responsible for this behavior. Mailman defaults this
way, and SF is following the Mailman recommended setting.

The Mailman Cabal follow RFC's when possible. Munging email header
fields isn't recommended for a variety of reasons.

Does Yahoo implement list headers?
http://www.ietf.org/rfc/rfc2369.txt

The preferred solution is mail user agent (MUA) support for
reply-to-list. I note you're using Thunderbird. Unfortunately, that MUA
doesn't support reply-to-list at this time.

Note: there is a mailman patch from Marc Merlin that makes list
reply to munging user configurable. I'm not sure if it made it
into the 2.1.x releases.


http://mail.python.org/pipermail/mailman-developers/2002-March/011104.html

> For whoever cares about such things...

Lots of people do, and it's debated often. :-(


https://sourceforge.net/docman/display_doc.php?docid=6695&group_id=1#reply_to_munging
Reply-To Munging Considered Harmful
Reply-To Munging Considered Useful
List Reply-To considered harmful, by Marc Merlin (former
postmaster for SourceForge.net)

-- 
Mike Noyes 
http://sourceforge.net/users/mhnoyes/
SF.net Projects: leaf, phpwebsite, phpwebsite-comm, sitedocs



---
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

Re: [leaf-devel] Hosts.deny & hosts.allow

[David Douthitt]

Jorn Eriksen wrote:

I guess the question would be then - for new users - how will they know what
to search for (i.e hosts.deny hosts.allow) when they do not know that
is/could be the problem?



If a new users take the Floppy, CD or Stick version, add a package (say
SNMPD) and open the correct ports in Shorewall and try to get snmp to work
(f.ex from MRTG) - it will not work out of the box.


My thoughts would be these:

* Add comments liberally
* Create documentation, both in general (available elsewhere) and within 
the package being added
* Add a script that will configure the proper openings into the firewall 
and/or tcpwrappers


Thoughts?



---
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

Re: [leaf-devel] Hosts.deny & hosts.allow

[David Douthitt]

Martin Hejl wrote:

Hm - I'm not quite sure what you mean. Do you mean that if you hit reply
to a mail on the list (instead of "reply all") it will only go to the
person who wrote the mail, instead of the list? If that's the case, and
you really care to know the gory details, it's something that's part of
the configuration of all our lists (and it's a good thing


...well that's debatable ;-)

I noticed that, while Sourceforge does this as a matter of course, 
Yahoo! does not


For whoever cares about such things...


---
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

Re: [leaf-devel] Hosts.deny & hosts.allow

[Martin Hejl]

Hi Larry,

> I did make a change the "include-" hope this works.
It seems to (for the record, every mail since the first one was
perfectly fine, regarding the encoding). The fact that our current
configuration prohibits MIME encoded mails on our lists has bitten me in
the past too (when forwarding mails to the list, for example), but it's
a reasonable rule, that catches the spam that would otherwise make it
through our other checks - so I guess, while it may be inconvenient at
times, it's worth it.

> One of these days will have to check on why "to:" in the to field when
> composing or replying.
Hm - I'm not quite sure what you mean. Do you mean that if you hit reply
to a mail on the list (instead of "reply all") it will only go to the
person who wrote the mail, instead of the list? If that's the case, and
you really care to know the gory details, it's something that's part of
the configuration of all our lists (and it's a good thing - see
https://sourceforge.net/docman/display_doc.php?docid=6695&group_id=1#reply_to_munging
for plenty of reasons why this is so).

If I misunderstood you and you were referring to something completely
unrelated, sorry for the noise.

Martin



---
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

Re: [leaf-devel] Hosts.deny & hosts.allow

[Larry Platzek]

On Thu, 27 Apr 2006, Mike Noyes wrote:


Date: Thu, 27 Apr 2006 09:11:02 -0700
From: Mike Noyes <[EMAIL PROTECTED]>
To: leaf-devel@lists.sourceforge.net
Subject: Re: [leaf-devel] Hosts.deny & hosts.allow

On Thu, 2006-04-27 at 08:25, Larry Platzek wrote:

On Tue, 25 Apr 2006, Martin Hejl wrote:


Date: Tue, 25 Apr 2006 12:31:09 +0200
From: Martin Hejl <[EMAIL PROTECTED]>
To: leaf-devel@lists.sourceforge.net
Subject: Re: [leaf-devel] Hosts.deny & hosts.allow

please post plain text messages only - text + HTML can be rejected by
the list-server/list-admin.


If I am originating the HTML I am sorry. Please let me know as I have
looked and do not see HTML and also do not see howto configue pine to
send HTML  or not/


Larry,
The link below should help. Please let me know, if you have any
problems.

   http://www.expita.com/nomime.html#pine

--
Mike Noyes 
http://sourceforge.net/users/mhnoyes/
SF.net Projects: leaf, phpwebsite, phpwebsite-comm, sitedocs



---

Thank you Mike!
I did make a change the "include-" hope this works.

One of these days will have to check on why "to:" in the to field when 
composing or replying.


Larry Platzek  [EMAIL PROTECTED]



---
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

Re: [leaf-devel] Hosts.deny & hosts.allow

[Mike Noyes]

On Thu, 2006-04-27 at 08:25, Larry Platzek wrote:
> On Tue, 25 Apr 2006, Martin Hejl wrote:
> 
> > Date: Tue, 25 Apr 2006 12:31:09 +0200
> > From: Martin Hejl <[EMAIL PROTECTED]>
> > To: leaf-devel@lists.sourceforge.net
> > Subject: Re: [leaf-devel] Hosts.deny & hosts.allow
> > 
> > please post plain text messages only - text + HTML can be rejected by
> > the list-server/list-admin.
> >
> If I am originating the HTML I am sorry. Please let me know as I have 
> looked and do not see HTML and also do not see howto configue pine to 
> send HTML  or not/

Larry,
The link below should help. Please let me know, if you have any
problems.

http://www.expita.com/nomime.html#pine

-- 
Mike Noyes 
http://sourceforge.net/users/mhnoyes/
SF.net Projects: leaf, phpwebsite, phpwebsite-comm, sitedocs



---
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

Re: [leaf-devel] Hosts.deny & hosts.allow

[Larry Platzek]

On Tue, 25 Apr 2006, Martin Hejl wrote:


Date: Tue, 25 Apr 2006 12:31:09 +0200
From: Martin Hejl <[EMAIL PROTECTED]>
To: leaf-devel@lists.sourceforge.net
Subject: Re: [leaf-devel] Hosts.deny & hosts.allow

Hi Larry and Jorn,

please post plain text messages only - text + HTML can be rejected by
the list-server/list-admin.

If I am originating the HTML I am sorry. Please let me know as I have 
looked and do not see HTML and also do not see howto configue pine to 
send HTML  or not/



I expected others to have said some for or against the proposed change.
Oh well...

This has been discussed about two weeks ago on leaf-user (which was the
reason I didn't say anything earlier).

See:
http://sourceforge.net/mailarchive/forum.php?thread_id=10135863&forum_id=5483

The short version is that it's a sane default, and somebody who wants to
get rid of libwrap checking can simply add "ALL: ALL" to hosts.allow.
IMHO, the default config should not be as open as possible, but rather
as secure as possible, and somebody who wants to open the box to the
outside world has to make the change manually.

Martin

I do prefe the way it has been but can live with commenting the lines so I 
amd others can just uncoment them plus if going to change from the way was 
to be documented.


 >




Larry Platzek  [EMAIL PROTECTED]



---
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

RE: [leaf-devel] Hosts.deny & hosts.allow

[Jorn Eriksen]

Martin & All,

I guess the question would be then - for new users - how will they know what
to search for (i.e hosts.deny hosts.allow) when they do not know that
is/could be the problem?   A bit of the hen & the egg problem that is :-)

Seeing the feedback - most of that is due to "special" versions that is
built for this or that. All good stuff. I guess I'm beeing the user advocate
here :-)

If a new users take the Floppy, CD or Stick version, add a package (say
SNMPD) and open the correct ports in Shorewall and try to get snmp to work
(f.ex from MRTG) - it will not work out of the box.  Unfortunately the error
messages can not be said to be over helpful (not blaming anyone here - just
stating a fact).  I ran into that problem this week when upgrading a Bering
FW to a Bering uClibc FW. Eric was kind enough to point out the obvious, and
it this case the problem was myself as I had changed the Bering standard
etc.lrp years ago to get around these issues.  That got me thinking (still
am). What if I where a new user, testing Leaf for the first time. How would
I react to this... So - I was trying to come up with a way to avoid that
situation.  As most people here replying had objections I tried to find a
solution that would work for as many as possible.

I'll start my updating this document:
http://leaf.sourceforge.net/doc/bk01ch08s07.html

I'll also roll my own etc.lrp version (just # out the lines in
hosts.allow/deny ) and will stick in on my leaf  page for folks to use.

Best regards
Jørn
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Martin Hejl
Sent: 26. april 2006 21:22
To: leaf-devel@lists.sourceforge.net
Subject: Re: [leaf-devel] Hosts.deny & hosts.allow


Hi Jorn,

> A good idea might also be to add a few comments/samples for commonly used
> applications... Like Tom has done for Shorewall.
I don't know - I don't believe in keeping the documentation inside the
configuration, and there's more than enough information on hosts.allow
available on the net -
http://www.google.com/search?hl=en&q=hosts.allow&btnG=Google+Search
looks rather promising to me.

But I'm not the one who decides that, so it may well be that the people
who do decide such kinds of things follow your ideas rather than mine -
which would be fine with me too, as long as I'm not asked to write the
docs. I'm just voicing _my_ thoughts. I don't think we should give an
example that would leave people too exposed (like "ALL: ALL"), since I
think that somebody who decides to disable all security checks should
know what he's doing (and not only copying some sample config), but
that's just me.

> If we can gather enough samples I can write up a little section for the
> docs...
You mean something like
http://linux.about.com/od/commands/l/blcmdl5_hostsal.htm#lbAN (which is
on the page pointed to by the first link I get from the google search
mentioned above)? Sure, something like that could be useful - but I
guess it would be duplicating the work somebody else has already done
(unless you have something totally different in mind).

Martin



---
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job
easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel



---
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid0709&bid&3057&dat1642

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

Re: [leaf-devel] Hosts.deny & hosts.allow

[Martin Hejl]

Hi Jorn,

> A good idea might also be to add a few comments/samples for commonly used
> applications... Like Tom has done for Shorewall.
I don't know - I don't believe in keeping the documentation inside the
configuration, and there's more than enough information on hosts.allow
available on the net -
http://www.google.com/search?hl=en&q=hosts.allow&btnG=Google+Search
looks rather promising to me.

But I'm not the one who decides that, so it may well be that the people
who do decide such kinds of things follow your ideas rather than mine -
which would be fine with me too, as long as I'm not asked to write the
docs. I'm just voicing _my_ thoughts. I don't think we should give an
example that would leave people too exposed (like "ALL: ALL"), since I
think that somebody who decides to disable all security checks should
know what he's doing (and not only copying some sample config), but
that's just me.

> If we can gather enough samples I can write up a little section for the
> docs...
You mean something like
http://linux.about.com/od/commands/l/blcmdl5_hostsal.htm#lbAN (which is
on the page pointed to by the first link I get from the google search
mentioned above)? Sure, something like that could be useful - but I
guess it would be duplicating the work somebody else has already done
(unless you have something totally different in mind).

Martin



---
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

RE: [leaf-devel] Hosts.deny & hosts.allow

[Jorn Eriksen]

Martin & All

>>This has been discussed about two weeks ago on leaf-user (which was the
>>reason I didn't say anything earlier).
I've given up trying to floow all the users lists for all my projects thus I
did not see that discussion.  I've read trough and it seams to me that there
is issues with libwrap settings as they are now.

Having read trough the comments on commenting out the lines current lines, I
rather then suggest we at least put a the following lines in the hosts.allow
file
- SNIP --
#Uncomment the line below if you soly want to relay on Shorewall for
protection.
#and place a # in fron of the other lines in this file.
#ALL:ALL
- SNIP --

A good idea might also be to add a few comments/samples for commonly used
applications... Like Tom has done for Shorewall.

If we can gather enough samples I can write up a little section for the
docs...

Jorn


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Martin Hejl
Sent: 25. april 2006 12:31
To: leaf-devel@lists.sourceforge.net
Subject: Re: [leaf-devel] Hosts.deny & hosts.allow


Hi Larry and Jorn,

please post plain text messages only - text + HTML can be rejected by
the list-server/list-admin.

> I expected others to have said some for or against the proposed change.
> Oh well...
This has been discussed about two weeks ago on leaf-user (which was the
reason I didn't say anything earlier).

See:
http://sourceforge.net/mailarchive/forum.php?thread_id=10135863&forum_id=548
3

The short version is that it's a sane default, and somebody who wants to
get rid of libwrap checking can simply add "ALL: ALL" to hosts.allow.
IMHO, the default config should not be as open as possible, but rather
as secure as possible, and somebody who wants to open the box to the
outside world has to make the change manually.

Martin



---
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job
easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel



---
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

Re: [leaf-devel] Hosts.deny & hosts.allow

[David Douthitt]

Martin Hejl wrote:

The short version is that it's a sane default, and somebody who wants to
get rid of libwrap checking can simply add "ALL: ALL" to hosts.allow.
IMHO, the default config should not be as open as possible, but rather
as secure as possible, and somebody who wants to open the box to the
outside world has to make the change manually.


Agreed and seconded!

As to why, several rules of good security are in play:

First is "Security in Depth."  If the firewall fails or is 
misconfigured, then the tcpwrappers will be a second line of defense.


Second is the rule that states one should close all ports as much as 
possible.


Lastly, consider that tcpwrappers are more flexible than the standard 
firewall.  Logging and other details are done, and the wrappers are used 
on a per daemon basis.



---
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

Re: [leaf-devel] Hosts.deny & hosts.allow

[Martin Hejl]

Hi Larry and Jorn,

please post plain text messages only - text + HTML can be rejected by
the list-server/list-admin.

> I expected others to have said some for or against the proposed change.
> Oh well...
This has been discussed about two weeks ago on leaf-user (which was the
reason I didn't say anything earlier).

See:
http://sourceforge.net/mailarchive/forum.php?thread_id=10135863&forum_id=5483

The short version is that it's a sane default, and somebody who wants to
get rid of libwrap checking can simply add "ALL: ALL" to hosts.allow.
IMHO, the default config should not be as open as possible, but rather
as secure as possible, and somebody who wants to open the box to the
outside world has to make the change manually.

Martin



---
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

RE: [leaf-devel] Hosts.deny & hosts.allow

[Larry Platzek]

Hello Jorn & All,

On Mon, 24 Apr 2006, Jorn Eriksen wrote:


Date: Mon, 24 Apr 2006 17:48:26 +0200
From: Jorn Eriksen <[EMAIL PROTECTED]>
To: 'Larry Platzek' <[EMAIL PROTECTED]>
Cc: leaf-devel@lists.sourceforge.net
Subject: RE: [leaf-devel] Hosts.deny & hosts.allow

Hello Larry & All,

What I wanted was to add a "#" in front of the etries presently in
hosts.deny & hosts.allow
in order to make other functionallty to work out of the box - without visits
to misc files.
I think that will work but I hope the  documentation will also be changed 
as It has been the same since LRP days.




As I understand these files need to bevisited anyhow, at least with the
present setup in the mentioned files, in order to get LEAF to work as
special servers with outside access.  With functionalty that do not require
connections from the outside (that is what I presume modelrailroad would be)
my proposal would handle as well.
Yes, I do block access from outside my network. I will uncomment the lines 
to add a little more protection.


I expected others to have said some for or against the proposed change.
Oh well...

Sorry did not reply sooner but have been away from my computers from 
shortly after emailling my first response.




And - we would also take some input to other frequently used lines in the
mentioned files that we can add with a "#" in front.

Jorn
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Larry
Platzek
Sent: 24. april 2006 17:15
To: Jorn Eriksen
Cc: leaf-devel@lists.sourceforge.net
Subject: Re: [leaf-devel] Hosts.deny & hosts.allow


On Mon, 24 Apr 2006, Jorn Eriksen wrote:


Date: Mon, 24 Apr 2006 15:13:40 +0200
From: Jorn Eriksen <[EMAIL PROTECTED]>
To: leaf-devel@lists.sourceforge.net
Subject: [leaf-devel] Hosts.deny & hosts.allow

Hello All,

I was wondering if there is any particular reason why there are entries in
hosts.allow & hosts.deny in the standard etc.lrp file?  Since Shorewall is
there, these files just seams to create uneccecary issues. Unless there

are

some reasons why they are there, I move to remove these entries.

Best regards
Jørn


You man like if shorewall is removed to make room?
This images can be used for other things like dealling with model
railroading.
I will let other reply more if they wish.

Larry Platzek  [EMAIL PROTECTED]



Larry Platzek  [EMAIL PROTECTED]

RE: [leaf-devel] Hosts.deny & hosts.allow

[Jorn Eriksen]

Larry & All

>>I think that will work but I hope the  documentation will also be changed
>>as It has been the same since LRP day
I'll write a little something for that now that I have started to dive into
the XLM documentation :-)

Best regards
Jørn


-Original Message-
From: Larry Platzek [mailto:[EMAIL PROTECTED]
Sent: 25. april 2006 08:40
To: Jorn Eriksen
Cc: leaf-devel@lists.sourceforge.net
Subject: RE: [leaf-devel] Hosts.deny & hosts.allow


Hello Jorn & All,

On Mon, 24 Apr 2006, Jorn Eriksen wrote:

> Date: Mon, 24 Apr 2006 17:48:26 +0200
> From: Jorn Eriksen <[EMAIL PROTECTED]>
> To: 'Larry Platzek' <[EMAIL PROTECTED]>
> Cc: leaf-devel@lists.sourceforge.net
> Subject: RE: [leaf-devel] Hosts.deny & hosts.allow
>
> Hello Larry & All,
>
> What I wanted was to add a "#" in front of the etries presently in
> hosts.deny & hosts.allow
> in order to make other functionallty to work out of the box - without
visits
> to misc files.
I think that will work but I hope the  documentation will also be changed
as It has been the same since LRP days.

>
> As I understand these files need to bevisited anyhow, at least with the
> present setup in the mentioned files, in order to get LEAF to work as
> special servers with outside access.  With functionalty that do not
require
> connections from the outside (that is what I presume modelrailroad would
be)
> my proposal would handle as well.
Yes, I do block access from outside my network. I will uncomment the lines
to add a little more protection.

I expected others to have said some for or against the proposed change.
Oh well...

Sorry did not reply sooner but have been away from my computers from
shortly after emailling my first response.

>
> And - we would also take some input to other frequently used lines in the
> mentioned files that we can add with a "#" in front.
>
> Jorn
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Larry
> Platzek
> Sent: 24. april 2006 17:15
> To: Jorn Eriksen
> Cc: leaf-devel@lists.sourceforge.net
> Subject: Re: [leaf-devel] Hosts.deny & hosts.allow
>
>
> On Mon, 24 Apr 2006, Jorn Eriksen wrote:
>
>> Date: Mon, 24 Apr 2006 15:13:40 +0200
>> From: Jorn Eriksen <[EMAIL PROTECTED]>
>> To: leaf-devel@lists.sourceforge.net
>> Subject: [leaf-devel] Hosts.deny & hosts.allow
>>
>> Hello All,
>>
>> I was wondering if there is any particular reason why there are entries
in
>> hosts.allow & hosts.deny in the standard etc.lrp file?  Since Shorewall
is
>> there, these files just seams to create uneccecary issues. Unless there
> are
>> some reasons why they are there, I move to remove these entries.
>>
>> Best regards
>> Jørn
>>
> You man like if shorewall is removed to make room?
> This images can be used for other things like dealling with model
> railroading.
> I will let other reply more if they wish.
>
> Larry Platzek  [EMAIL PROTECTED]
>

Larry Platzek  [EMAIL PROTECTED]



---
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid0709&bid&3057&dat1642

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

RE: [leaf-devel] Hosts.deny & hosts.allow

[Jorn Eriksen]

Hello Larry & All,

What I wanted was to add a "#" in front of the etries presently in
hosts.deny & hosts.allow
in order to make other functionallty to work out of the box - without visits
to misc files.

As I understand these files need to bevisited anyhow, at least with the
present setup in the mentioned files, in order to get LEAF to work as
special servers with outside access.  With functionalty that do not require
connections from the outside (that is what I presume modelrailroad would be)
my proposal would handle as well.

And - we would also take some input to other frequently used lines in the
mentioned files that we can add with a "#" in front.

Jorn
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Larry
Platzek
Sent: 24. april 2006 17:15
To: Jorn Eriksen
Cc: leaf-devel@lists.sourceforge.net
Subject: Re: [leaf-devel] Hosts.deny & hosts.allow


On Mon, 24 Apr 2006, Jorn Eriksen wrote:

> Date: Mon, 24 Apr 2006 15:13:40 +0200
> From: Jorn Eriksen <[EMAIL PROTECTED]>
> To: leaf-devel@lists.sourceforge.net
> Subject: [leaf-devel] Hosts.deny & hosts.allow
>
> Hello All,
>
> I was wondering if there is any particular reason why there are entries in
> hosts.allow & hosts.deny in the standard etc.lrp file?  Since Shorewall is
> there, these files just seams to create uneccecary issues. Unless there
are
> some reasons why they are there, I move to remove these entries.
>
> Best regards
> Jørn
>
You man like if shorewall is removed to make room?
This images can be used for other things like dealling with model
railroading.
I will let other reply more if they wish.

Larry Platzek  [EMAIL PROTECTED]



---
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid0709&bid&3057&dat1642

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

Re: [leaf-devel] Hosts.deny & hosts.allow

[Larry Platzek]

On Mon, 24 Apr 2006, Jorn Eriksen wrote:


Date: Mon, 24 Apr 2006 15:13:40 +0200
From: Jorn Eriksen <[EMAIL PROTECTED]>
To: leaf-devel@lists.sourceforge.net
Subject: [leaf-devel] Hosts.deny & hosts.allow

Hello All,

I was wondering if there is any particular reason why there are entries in
hosts.allow & hosts.deny in the standard etc.lrp file?  Since Shorewall is
there, these files just seams to create uneccecary issues. Unless there are
some reasons why they are there, I move to remove these entries.

Best regards
Jørn


You man like if shorewall is removed to make room?
This images can be used for other things like dealling with model 
railroading.

I will let other reply more if they wish.

Larry Platzek  [EMAIL PROTECTED]