On 03/07/2012 01:35 PM, Jon Elson wrote: > Mark Wendt wrote: >> I've found it's easier to put ALL: ALL in /etc/hosts.deny, then >> selectively put the hosts I want allowed in /etc/hosts.allow. You >> can even get more granular by specifying what you want the hosts to >> be able to access. Tcpd is a wunnerful thang. > I'm running a primary DNS, web server, smtp server and sshd on this > machine, > so that isn't going to work. I have to let anybody in unless they are > shown to be a problem. > Any machine that is not deliberately serving something on the net > shouldn't even > have a WAN IP address, in my opinion. > > Jon
Depends on where you are and what you are doing. Almost all the machines here at the Lab have a Class C address. TCP wrappers keeps unwanted hosts out of my pants, and has worked well for doing that for a long time. The Lab owns all the Class C addresses in our block, and they really don't want people NAT'ing behind a firewall because of their weekly security scans. We harden our machines here before they can get assigned an IP address, and quite a few have ports open to the world, while many don't. It's a lot easier to manage the address space this way for us. Mark ------------------------------------------------------------------------------ Virtualization & Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/ _______________________________________________ Emc-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/emc-users
