Re: tcp wrapper

To: debian-firewall@lists.debian.org
Subject: Re: tcp wrapper
From: Daniel Pittman <daniel@rimspace.net>
Date: Mon, 25 Oct 2004 19:45:02 +1000
Message-id: <[🔎] 87ekjn9lnl.fsf@enki.rimspace.net>
References: <[🔎] 38ecc37f.0410242214.56f07dcd@posting.google.com>

On 25 Oct 2004, michal wrote:
> What's the difference between firewall and TCP wrapper? 

A firewall deals with packet and flow management below the protocol
level.

TCP wrapper is a per-application mechanism for determining access on an
IP (or DNS name) basis.

Both do the same task, but a firewall (iptables, say) is a /much/ more
general purpose tool.

> If I have installed iptables should I also install tcp wrraper? 

No, not really.  There just isn't much point in having two tools do the
same job.  The basic firewall rules should allow/deny access to services
just as effectively.

You can't use iptables to do the DNS reverse lookup stuff that
TCPwrappers can do at connection time, but then, you don't do that if
you want security anyway. :)

> What advantages will I have after installing tcp wrapper?

None, really.
        Daniel

-- 
I can't understand why anybody would want to devote their life to
a cause like dope. It's the most boring pasttime I can think of.
It ranks a close second to television.
        -- Frank Zappa

Reply to:

Follow-Ups:
- Re: tcp wrapper
  - From: Mike Mestnik <cheako911@yahoo.com>

References:
- tcp wrapper
  - From: mjaniszewski@cirrus.pl (michal)

Prev by Date: unsubscribe
Next by Date: Re: tcp wrapper
Previous by thread: tcp wrapper
Next by thread: Re: tcp wrapper
Index(es):
- Date
- Thread