[sslh] sslh configuration file examples
Yves Rutschle
yves at naryves.com
Sat May 4 10:55:55 CEST 2013
On Fri, May 03, 2013 at 06:26:52PM +0300, Lars Noodén wrote:
> As a follow up question, I notice that 'service:' is missing from ssl in
> the example you provided and in basic.cfg/example.cfg which came with
> the package:
"service" specifies the service name for libwrap, i.e. the
name used in /etc/hosts.allow and /etc/hosts.deny.
The details are described in hosts_access(5) (and I need to
add a reference to that in sslh's documentation...)
> Should ssl also have a declaration of service? If not,
> why does ssh get one?
libwrap allows you to restrict access to specific services
based on where the connection comes from. It makes sense to
restrict ssh access to the IP addresses you're likely to
connection from, but in general you want anyone to be able
to access your HTTPS server.
Obviously this is highly site-dependent: if your HTTPS only
serves private pages that only you should access, it makes
sense to restrict access to HTTPS, and if you travel a lot
it doesn't make sense to restrict access to your ssh.
Cheers,
Y.
More information about the sslh
mailing list