Gentoo Logo
Gentoo Spaceship

Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
To: gentoo-security@g.o
From: Kevin Enslow <enslow@...>
Subject: Re: hosts.{allow,deny} vs. iptables.
Date: Thu, 13 Oct 2005 09:53:37 -0700
One reason I can think of is to keep it simple across platforms.
tcpd is, in general OS non-specific. When you need to make security
suggestions that span platforms (Linux, Solaris, BSD, etc) this is what
you want. You can install tcpd on all platforms, and the configuration
is the same. 

iptables is Linux specific. To create the same functionallity on other 
platforms, you will be stuck with several different packages and config 
files to provide the same functionallity. This can become hard to manage 
very quickly.

.------[ Peter Volkov wrote (2005/10/13 at 12:32:05 AM) ]------
> Hello.
> Can anybody explain the differences, pro/con between the mentioned two
> approaches in the subject?
> I thought that fewer programs I have on my server the more secure it is.
> But gentoo security guide and some people on this list suggest usage of
> hosts.allow, hosts.deny files, which only work if I have tpcd installed,
> thus another service which weaken server's security. But normaly each
> server has iptables installed. So every sysadmin can obtain hosts.allow,
> hosts.deny functionality with simple iptables rule like the following:
> iptables -A INPUT -s bad_host -j DROP
> This is the base functionality of iptables. No PoM is nescesary for such
> kind of things.
> More. I think some portable bash script that will parse host.* files and
> create iptables rules is very simple to write!
> So why many people and security guides still suggest the use of tcpd
> over simple iptables rules?
> Thank you for your time,
> Peter.


gentoo-security@g.o mailing list

hosts.{allow,deny} vs. iptables.
-- Peter Volkov
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: hosts.{allow,deny} vs. iptables.
Next by thread:
Re: hosts.{allow,deny} vs. iptables.
Previous by date:
[no subject]
Next by date:
Re: hosts.{allow,deny} vs. iptables.

Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.