List Archive: gentoo-security
Headers:
To: gentoo-security@g.o
From: Robert Larson <robert@...>
Subject: Re: hosts.{allow,deny} vs. iptables.
Date: Thu, 13 Oct 2005 12:32:32 -0500
On Thursday 13 October 2005 02:26 am, Peter Volkov wrote:
> Can anybody explain the differences, pro/con between the mentioned two
> approaches in the subject?

First, I must say that this is a very interesting read on the original 
intended purpose of tcpd:
ftp://ftp.porcupine.org/pub/security/tcp_wrapper.txt.Z

IMO, security works best in layers.  So, why not use both?

I see the following downsides:

- hosts.(allow|deny) seems to be implementation-specific in the sense that not 
everything supports it.  You might need to check to see if it's supported, or 
simply use tcpwrappers/inetd if it is not.

- IPTables is platform-specific, in that not every (*nix) operating system 
uses it.


On the other hand, these days it seems easier to set up a firewall in some form 
of a firewall builder app/script that can compile firewalls for multiple 
platforms from a centralized workstation.  Then have it push the firewalls 
out to each host and restart them appropriately.  Perhaps someday these apps 
may provide hosts.(allow|deny) support(?).  

If forced to choose, I would go with firewalls (or rather, IPTables); you have 
a lot more options especially when the firewall is stateful.

My 0.02..

Robert
-- 
gentoo-security@g.o mailing list
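
Added example, not part of the original message: a sketch of the "use both" layering discussed above, with the support check the message mentions (whether a daemon is linked against libwrap and so reads hosts.allow/hosts.deny itself). The daemon names, port, the 192.0.2.0 network and the `ldd` output are constructed sample values; the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample `ldd` output for two hypothetical daemons.
SAMPLE_WRAPPED='	libwrap.so.0 => /lib/libwrap.so.0 (0xb7f0a000)
	libc.so.6 => /lib/libc.so.6 (0xb7dd0000)'
SAMPLE_PLAIN='	libc.so.6 => /lib/libc.so.6 (0xb7dd0000)'

# Reads `ldd` output on stdin; succeeds if libwrap is linked in,
# i.e. the daemon consults hosts.allow / hosts.deny by itself.
links_libwrap() {
    grep -q 'libwrap\.so'
}

# Print the same restriction at both layers.
# $1 daemon name, $2 TCP port, $3 network as address/netmask
# (a form accepted by both tcp wrappers and iptables -s), $4 ldd output
layered_rules() {
    daemon=$1 port=$2 net=$3 lddout=$4
    if printf '%s\n' "$lddout" | links_libwrap; then
        echo "# /etc/hosts.allow"
        echo "$daemon: $net"
        echo "# /etc/hosts.deny"
        echo "$daemon: ALL"
    else
        # No libwrap: the daemon only honours the files when started
        # through tcpd from inetd; otherwise the packet filter is the
        # only layer for this service.
        echo "# $daemon: no libwrap, wrap with tcpd or rely on the packet filter"
    fi
    echo "# iptables (stateful)"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A INPUT -p tcp --dport $port -s $net -m state --state NEW -j ACCEPT"
    echo "iptables -A INPUT -p tcp --dport $port -j DROP"
}

# Live use on a real host (prints rules only, changes nothing):
#   layered_rules sshd 22 192.0.2.0/255.255.255.0 "$(ldd /usr/sbin/sshd)"
```

The script only prints the rules; a statically linked daemon would also show no libwrap line in `ldd`, so treat a negative result as "check the daemon's documentation".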


References:
hosts.{allow,deny} vs. iptables.
-- Peter Volkov


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Copyright 2001-2013 Gentoo Foundation, Inc.