interagiu com hosts.allow
e hosts.deny
de uma maneira muito insegura:
thufir@arrakis:~$
thufir@arrakis:~$ cat /etc/hosts.allow
# /etc/hosts.allow: list of hosts that are allowed to access the system.
# See the manual pages hosts_access(5) and hosts_options(5).
#
# Example: ALL: LOCAL @some_netgroup
# ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
#
# If you're going to protect the portmapper use the name "rpcbind" for the
# daemon name. See rpcbind(8) and rpc.mountd(8) for further information.
#
#-- leafnode begin
leafnode: 192.168.1.7
leafnode: 127.0.0.1
#-- leafnode end
thufir@arrakis:~$
thufir@arrakis:~$ cat /etc/hosts.deny
# /etc/hosts.deny: list of hosts that are _not_ allowed to access the system.
# See the manual pages hosts_access(5) and hosts_options(5).
#
# Example: ALL: some.host.name, .some.domain
# ALL EXCEPT in.fingerd: other.host.name, .other.domain
#
# If you're going to protect the portmapper use the name "rpcbind" for the
# daemon name. See rpcbind(8) and rpc.mountd(8) for further information.
#
# The PARANOID wildcard matches any host whose name does not match its
# address.
#
# You may wish to enable this to ensure any programs that don't
# validate looked up hostnames still leave understandable logs. In past
# versions of Debian this has been the default.
# ALL: PARANOID
#-- leafnode begin
#leafnode: ALL
#-- leafnode end
thufir@arrakis:~$
e ignorou todos os avisos no manual fino por arquivo de configuração:
## By default, leafnode only serves connections from addresses in the
## local networks and drops those from outside. An IPv4 address, or an
## IPv6 address on computers that provide the getifaddrs() interface is
## considered local if it is within the networks (IP/netmask) of the local
## interfaces. On computers that lack the getifaddrs() interface, an
## IPv6 address is considered local if it is site-local, link-local or
## the loopback address (::1).
##
## You can enable remote access by doing:
## 1. enabling access for single static IPs (or subnetworks) through
## your super server (xinetd, tcpserver) or, if the service is wrapped by
## tcpd, hosts.allow/hosts.deny configuration,
## 2. disabling access for all other hosts (default to deny),
## 3. testing that "deny" works, to avoid abuse of your server,
## 4. uncommenting this option, capitalizing the "strangers" subword and
## setting the value to 42.
##
## WARNING: ENABLING THIS OPTION IS DANGEROUS. YOU AGREE TO BE LIABLE
## FOR ALL ABUSE OF YOUR SERVER WHEN THIS OPTION IS ENABLED.
## IF ANYTHING ABOUT ITEMS 1. TO 3. ABOVE IS UNCLEAR, DO NOT ENABLE THIS!
## IF YOU ARE NOT FAMILIAR WITH ACCESS CONTROL, OR YOUR CLIENTS ARE ON
## DYNAMIC IPS, YOU MUST NOT ENABLE THIS. (You can use other, authenticated,
## methods of access instead, for instance SSH tunnels.)
##
#
allowSTRANGERS = 42
agora, meio que funciona. obviamente, não uma solução boa .