
Re: hurd does NOT need /hurd



On Wed, May 22, 2002 at 10:12:57AM -0400, Michael Stone wrote:
> On Wed, May 22, 2002 at 11:59:46PM +1000, Anthony Towns wrote:
> > TCP wrappers doesn't work for all programs.
> Well, that's a bug in the program. :) 

Even if it does all its communication over UDP?

> I'd argue that having
> the acl's in one place (hosts.allow) is better than scattering them in a
> million separate config files, but something would be better than
> nothing.

Sure. None of that's specific to the Hurd, though, which means Linux
hasn't managed it yet, and thus nobody can reasonably expect it of us.
That's not the case for firewalling tools, which Linux, BSD, and Windows
have all managed to provide.

In any event, though, application level security is always going to be
application specific. Some applications will let you restrict by host/ip,
others will let you restrict by username/password, others will let you
do various other things. Some won't let you make any restrictions. IP
firewalling is a long way off perfect, but it *doesn't* depend on an
application and gives some useful features, so you should expect an OS
to provide it for you in case you want to run some imperfect applications.

Maybe a more convincing example of a useful use for a firewalling tool
would be if you consider writing a script that monitors your logs
for evidence of script kiddie attacks, and then starts dropping all
packets from them, ideally before they've finished going through all
their scripts.

Cheers,
aj

-- 
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG signed mail preferred.

     ``BAM! Science triumphs again!'' 
                    -- http://www.angryflower.com/vegeta.gif
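
The log-watching script suggested in the message above could look like the following. This is an added example, not part of the original post: the sshd-style log format, the threshold and window values, the `year` parameter (classic syslog lines carry no year) and the use of `iptables` as the firewalling tool are assumptions, and the log lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd-style log lines (documentation addresses), not from the post.
SAMPLE_LOG = """\
May 22 10:00:01 box sshd[411]: Failed password for root from 203.0.113.7 port 4021 ssh2
May 22 10:00:05 box sshd[411]: Failed password for admin from 203.0.113.7 port 4022 ssh2
May 22 10:00:09 box sshd[411]: Failed password for invalid user test from 203.0.113.7 port 4023 ssh2
May 22 10:00:12 box sshd[412]: Accepted password for aj from 198.51.100.4 port 5100 ssh2
May 22 10:00:20 box sshd[413]: Failed password for invalid user x from 192.0.2.10 port 1 from 198.51.100.9 port 4100 ssh2
May 22 10:05:00 box sshd[414]: Failed password for aj from 198.51.100.4 port 5101 ssh2
May 22 10:09:00 box sshd[414]: Failed password for aj from 198.51.100.4 port 5102 ssh2
May 22 10:13:00 box sshd[414]: Failed password for aj from 198.51.100.4 port 5103 ssh2
"""

# Greedy ".*" plus "$" binds to the LAST "from <addr> port <n>" on the line, so a
# user name shaped like "x from 192.0.2.10 port 1" cannot choose which address is counted.
FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for .* from (\S+) port \d+ ssh2$")

def offenders(lines, threshold=3, window=timedelta(seconds=60), allow=(), year=2002):
    """Return sources with `threshold` failures inside `window`, in detection order."""
    recent, blocked = defaultdict(deque), []
    for line in lines:
        m = FAILED.match(line.rstrip())
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m.group(2)))  # only literal addresses reach a rule
        except ValueError:
            continue
        if ip in allow or ip in blocked:  # never block allow-listed hosts, never twice
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # forget failures older than the window
            q.popleft()
        if len(q) >= threshold:
            blocked.append(ip)
    return blocked

def drop_rules(ips):
    """Render one firewall command per offender; printed here, not executed."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in ips]

if __name__ == "__main__":
    print("\n".join(drop_rules(offenders(SAMPLE_LOG.splitlines()))))
```

The rules are only printed, so they can be reviewed before anything is applied; `allow` is where your own management hosts go so that a typo-prone administrator is not locked out.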

