[stunnel-users] stunnel and hosts.allow

Yousef Alhashemi yousef.alhashemi at gmail.com
Wed May 18 10:31:03 CEST 2011


This may be a little bit off-topic, but does anyone here use stunnel with
pan? My connections to stunnel (in pan) are always refused by libwrap. I was
looking for the right rule to add to /etc/hosts.allow but nothing seems to
work aside from "ALL : ALL" (which is obviously not good) and "nntps:
KNOWN". Is the latter reasonable? The hosts_access(5) manpage is confusing
to say the least. It mentions that daemon (the first token on any line) is
the name of the daemon running the process, which would be "stunnel" in my
case, but using "stunnel : LOCAL" or even "stunnel : ALL" doesn't work. The
rule that seems to work, as mentioned, is "nntps : KNOWN" ("nntps" being the
group name in stunnel.conf).

What's even more confusing to me is that "nntps : LOCAL" does not work
either. Nor does "nntps : localhost", "nntps : localhost", "nntps
:", or "nntps : 192.168.1.". Pan is running on the same machine as
stunnel so all connections must be coming from localhost. Why do these rules
not trigger?

Either way, I'd like to know the "least permissive" hosts.allow rule that
would allow me to connect to my news provider from pan, and/or whether
"nntps : KNOWN" is a safe option.
