List Archive: gentoo-security
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
On Thursday 13 October 2005 02:26 am, Peter Volkov wrote:
> Can anybody explain the differences, pro/con between the mentioned two
> approaches in the subject?
First, I must say that this is a very interesting read on the original
intended purpose of tcpd:
IMO, security works best in layers. So, why not use both?
I see the following downsides:
- hosts.(allow|deny) seems to be implementation specific in the sense that not
everything supports it. You might need to check to see if it's supported, or
simply use tcpwrappers/inetd if it is not.
- IPTables is platform specific, in that not every (*nix) operating system
On the other hand, these days it seems easier to setup a firewall in some form
of a firewall builder app/script that can compile firewalls for multiple
platforms from a centralized workstation. Then have it push the firewalls
out to each host and restart them appropriately. Perhaps someday these apps
may provide hosts.(allow|deny) support(?).
If forced to choose, I would go with firewalls (or rather, IPTables), you have
a lot more options especially when the firewall is stateful.
email@example.com mailing list