
Re: hosts.{allow,deny} vs iptables.

Joao Luis Meloni Assirati wrote:
> I want to know if my point of view is right, or if there is any
> functionality that hosts.{allow,deny} scheme provides which iptables
> can't.

- You have daemon-by-daemon settings instead of port-by-port or
protocol-by-protocol.
- the aforementioned 'extra layer of security in case your iptables get
cleared'.
- the 'PARANOID' host definition, which matches any host that doesn't
have sane DNS-to-reverse-DNS settings.

Bastille does something nice with tcpwrappers (apt-get install bastille)
that I didn't know about.  I found this in my /etc/hosts.allow after
running Bastille's automated setup tool:

ALL : ALL : spawn (/usr/sbin/safe_finger -l @%h | /bin/mail -s "Port Denial noted %d-%h" root) & : DENY
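As an added illustration (not the poster's code and not tcp_wrappers itself), a small Python model of how tcpd evaluates rules like the one above: daemon-by-daemon matching, the PARANOID pattern, the hosts_options ALLOW/DENY overrides, and the hosts.allow-then-hosts.deny order. The sample rules are constructed; EXCEPT, netgroups, KNOWN/UNKNOWN and command expansion are left out.

```python
import ipaddress

# Constructed hosts.allow modelled on the Bastille rule above: PARANOID first,
# one daemon-specific allow, then the logging catch-all deny.
HOSTS_ALLOW = """
ALL : PARANOID : DENY
sshd : 192.168.1. : ALLOW
ALL : ALL : spawn (/usr/sbin/safe_finger -l @%h | /bin/mail -s "Port Denial noted %d-%h" root) & : DENY
"""

def parse_rules(text):
    """Parse 'daemon_list : client_list [: option ...]' lines; '#' lines are comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        # hosts_options(5): a final ALLOW/DENY option overrides the file's default verdict
        action = fields[-1].upper() if len(fields) > 2 else ""
        rules.append((fields[0].split(), fields[1].split(),
                      action if action in ("ALLOW", "DENY") else None))
    return rules

def client_matches(pattern, addr, dns_consistent):
    """One client pattern vs. one connecting address (hosts_access(5) subset).
    dns_consistent=False means reverse and forward DNS for addr disagree: PARANOID."""
    if pattern == "ALL":
        return True
    if pattern == "PARANOID":
        return not dns_consistent
    if "/" in pattern:                # net/mask form, e.g. 10.0.0.0/255.0.0.0
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
    if pattern.endswith("."):         # leading-octets prefix, e.g. 192.168.1.
        return addr.startswith(pattern)
    return pattern == addr            # literal address

def decide(allow_text, deny_text, daemon, addr, dns_consistent=True):
    """tcpd order: first match in hosts.allow, else first match in hosts.deny, else grant."""
    for default, text in (("ALLOW", allow_text), ("DENY", deny_text)):
        for daemons, clients, action in parse_rules(text):
            if ("ALL" in daemons or daemon in daemons) and any(
                    client_matches(p, addr, dns_consistent) for p in clients):
                return action or default
    return "ALLOW"

if __name__ == "__main__":
    print(decide(HOSTS_ALLOW, "", "sshd", "192.168.1.7"))                        # ALLOW
    print(decide(HOSTS_ALLOW, "", "ftpd", "192.168.1.7"))                        # DENY (not sshd)
    print(decide(HOSTS_ALLOW, "", "sshd", "192.168.1.7", dns_consistent=False))  # DENY (PARANOID)
```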