Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: Peter Volkov <pvolkov@...>
Subject: hosts.{allow,deny} vs. iptables.
Date: Thu, 13 Oct 2005 11:26:55 +0400
Hello.

Can anybody explain the differences, pro/con between the mentioned two
approaches in the subject?

I thought that fewer programs I have on my server the more secure it is.
But gentoo security guide and some people on this list suggest usage of
hosts.allow, hosts.deny files, which only work if I have tpcd installed,
thus another service which weaken server's security. But normaly each
server has iptables installed. So every sysadmin can obtain hosts.allow,
hosts.deny functionality with simple iptables rule like the following:

iptables -A INPUT -s bad_host -j DROP

This is the base functionality of iptables. No PoM is nescesary for such
kind of things.

More. I think some portable bash script that will parse host.* files and
create iptables rules is very simple to write!

So why many people and security guides still suggest the use of tcpd
over simple iptables rules?

Thank you for your time,
Peter.
Attachment:
signature.asc (This is a digitally signed message part)
Replies:
Re: hosts.{allow,deny} vs. iptables.
-- Robert Larson
Re: hosts.{allow,deny} vs. iptables.
-- Kevin Enslow
Re: hosts.{allow,deny} vs. iptables.
-- darren kirby
Re: hosts.{allow,deny} vs. iptables.
-- Sebastian Siewior
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
port knocking
Next by thread:
Re: hosts.{allow,deny} vs. iptables.
Previous by date:
port knocking
Next by date:
Re: hosts.{allow,deny} vs. iptables.


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.