While at FTP, I went around tcpd-izing machines, and had configured tcpd on the
"accessible" machines to require valid DNS PTRs as well as matching As.
A lot of people thought this was horribly restrictive. My argument was that we
wanted to only accept connections from machines for which *someone* had taken
responsibility by placing them in their DNS files, which doesn't buy you all
that much when it still lets in things like "public-dialup-port6.boston-ppp.
psi.net" ... Since there wasn't really any stated policy one way or the other,
it was just a perpetual pissing fight.
_H*
|
|
