Voytek wrote:
is a public web/mail server, so, I need to allow full access to web/mail/dns
well instead of the ALL bit in hosts.allow/deny just use sshd
if you use this tcpwrapper features, you can allow whole subnets easily.
like so: (hosts.allow) #Australia sshd: 203.0.0.0/255.0.0.0
(hosts.deny) #Block ssh from everywhere (except those in hosts.allow) sshd: ALL
of course you could just add the fixed ip and the subnet of your dialup IPs. that way at least you massively slash the amount of hosts that can connect to you. and mostly avoid the crackers from Romainia and Russia
dave -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html