List Archive: gentoo-security
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
> >So why many people and security guides still suggest the use of tcpd
> >over simple iptables rules?
> Not sure, maybe this pros
> - if you forget to start your iptables script your ports are open
> - you can check with 'PARANOID' whether hostname and ip record match
This could end up being a very interesting thread.
Iptables is nice because it is at kernel level, if someone were to try
to hack it so that your Iptables commands were ignored then they would
need to be able to reboot the box, something that you would probably
notice in a managed environment.
Tcpd runs in userspace, so given root access is a lot easier to
compromise the executable.
Just my 2c
NOTICE: This e-mail message and all attachments
transmitted with it may contain legally privileged and
confidential information intended solely for the use of
the addressee. If the reader of this message is not the
intended recipient, you are hereby notified that any
reading, dissemination, distribution, copying, or other
use of this message or its attachments, hyperlinks, or
any other files of any kind is strictly prohibited. If you
have received this message in error, please notify the
sender immediately by telephone (+44-1865-265500) or by
a reply to this electronic mail message and delete this
message and all copies and backups thereof.
email@example.com mailing list