List Archive: gentoo-security
Headers:
To: <gentoo-security@g.o>
From: "Giles Coochey" <giles.coochey@...>
Subject: RE: hosts.{allow,deny} vs. iptables.
Date: Thu, 13 Oct 2005 13:44:27 +0100
> >So why many people and security guides still suggest the use of tcpd
> >over simple iptables rules?
> 
> Not sure, maybe these pros:
> - if you forget to start your iptables script your ports are open
> - you can check with 'PARANOID' whether hostname and ip record match
> 

This could end up being a very interesting thread.

Iptables is nice because it is at kernel level; if someone were to try
to hack it so that your Iptables commands were ignored, then they would
need to be able to reboot the box, something that you would probably
notice in a managed environment.

Tcpd runs in userspace, so given root access it is a lot easier to
compromise the executable.

Just my 2c






-- 
gentoo-security@g.o mailing list
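
The hostname/IP consistency check that the quoted 'PARANOID' point refers to, sketched as forward-confirmed reverse DNS. This is an added example, not part of the original message and not tcpd's own code; the function names, the three result labels (modelled on the PARANOID and UNKNOWN wildcards of hosts_access) and the sample DNS data are assumptions constructed for illustration.

```python
import ipaddress
import socket

# Constructed sample DNS data (documentation address ranges, not real hosts).
SAMPLE_PTR = {"192.0.2.10": "www.example.org",
              "192.0.2.66": "trusted.example.org",   # PTR claims a trusted name
              "192.0.2.77": "ghost.example.org"}     # PTR name has no A record
SAMPLE_A = {"www.example.org": ["192.0.2.10"],
            "trusted.example.org": ["192.0.2.20"]}

def sample_reverse(ip):
    """Offline stand-in for a PTR lookup."""
    return SAMPLE_PTR.get(ip)

def sample_forward(name):
    """Offline stand-in for an A/AAAA lookup."""
    return SAMPLE_A.get(name, [])

def system_reverse(ip):
    """PTR lookup through the system resolver; None when there is no name."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(name):
    """Address lookup through the system resolver; empty list on failure."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def classify_client(ip, reverse=system_reverse, forward=system_forward):
    """Return 'verified', 'paranoid' or 'unknown' for a client address."""
    addr = ipaddress.ip_address(ip)
    name = reverse(str(addr))
    if not name:
        return "unknown"        # no reverse record: nothing to compare
    confirmed = set()
    for candidate in forward(name):
        try:
            confirmed.add(ipaddress.ip_address(candidate))
        except ValueError:
            continue            # skip anything that is not a plain address
    # The claimed name must resolve back to the connecting address.
    return "verified" if addr in confirmed else "paranoid"

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.66", "192.0.2.77", "198.51.100.7"):
        print(ip, classify_client(ip, sample_reverse, sample_forward))
```

The result depends entirely on DNS answers, so a resolver outage turns legitimate clients into "unknown" or "paranoid" ones.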




Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.
