On Wed, 2008-01-30 at 11:10 +0000, Jenny Hopkins wrote:
Thankyou. Looking further, I see this in the syslog when a connection to the cvspserver is attempted from any other than addresses stated after "ALL:" -
Jan 30 10:59:52 stoneboat xinetd[30584]: warning: /etc/hosts.allow, line 21: can't verify hostname: getaddrinfo(unknown.asdl.nitrex.net, AF_INET) failed Jan 30 10:59:52 stoneboat xinetd[30584]: libwrap refused connection to cvspserver (libwrap=cvs) from 213.165.225.128
This means I need to tell hosts.allow not to bother with reverse DNS lookups somehow, as some of them are broken?
I am 213.165.225.128, and if I add ALL:213.165.225.128 I can access, but otherwise not.
The hosts.deny says ALL: PARANOID
Well spotted Jenny.. could you limit access by IP address range instead of domain names (or are your clients on DHCP, so you have no guarantees of addresses)?
If you don't have reliable reverse DNS or fixed IP's hosts.allow isn't going to work for you.
P