Re: hosts.deny
On Wed, 2006-03-29 at 09:05 -0600, Jack Hale wrote:
> I am trying to block a whole subnet. (example
> 100.100.100.0-100.100.100.255).
> in my /etc/hosts.deny file I have placed this as
> 100.100.100.0/100.100.100.255.
> Is this the correct way to do this? I am using Shorewall for the
> firewall. I am new to this. Sorry for the stupidity.
> Jack
hosts (allow|deny) are more of a layer7 packet filter. that is, it is at
the application level.
firewalls filter at layers 2 and 3 of the OSI model.
both methods work for restricting access to stuff, but they are
different, and that is important to understand.
-matt zagrabelny
Reply to: