/etc/hosts.deny|allow only manages the tcpd services access...
you might still be vulnerable to ICMP/UDP and other standalone
services...
with packet filtering, you have a greater level of control over
allowed & denied service access to your host.
i'm no security fundi, and there's probably better ways of defining
things, but i'm sure i got the idea :) , which might be of help to
you...
>>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<
On 7/14/99, 2:40:00 AM, "Jim Gilliver" <[EMAIL PROTECTED]> wrote
regarding Firewall vs HOSTS.DENY:
> I have a security related question...
> I have a machine set up for IP Masquerading for a small local network. It
> uses ipchains to set the masquerading policy to deny, but masquerade the
> local network correctly.
> All the services in inetd.conf are remarked out, except ftp (which we want
> enabled).
> What I want to know is, is this any less secure than setting up ipchains
> rules to block unwanted connections? As far as I can tell, inetd won't
> bother doing anything if the port isn't enabled anyway... is this correct?
> Thanks,
> Jim
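
Added example (not part of either message above): a small audit of an inetd.conf that reports which enabled entries are started through tcpd, and are therefore subject to hosts.allow/hosts.deny, and which are not. The sample file contents, function names and daemon paths are constructed for illustration; standalone daemons and ICMP never appear in inetd.conf, so this check cannot see them.

```python
import os

# Constructed sample in the classic inetd.conf layout (not from the thread):
# service  socket_type  protocol  wait/nowait  user  server_program  arguments
SAMPLE_INETD_CONF = """\
ftp        stream  tcp    nowait  root  /usr/sbin/tcpd       in.ftpd -l -a
#telnet    stream  tcp    nowait  root  /usr/sbin/tcpd       in.telnetd
#finger    stream  tcp    nowait  root  /usr/sbin/tcpd       in.fingerd
time       dgram   udp    wait    root  internal
ntalk      dgram   udp    wait    root  /usr/sbin/in.ntalkd  in.ntalkd
"""


def audit_inetd(conf_text):
    """Return (service, protocol, coverage) for every enabled entry."""
    findings = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # remarked-out services are never started by inetd
        fields = line.split()
        if len(fields) < 6:
            continue  # not a complete service entry
        service, _sock, proto, _wait, _user, server = fields[:6]
        if os.path.basename(server) == "tcpd":
            coverage = "tcpd"        # hosts.allow/hosts.deny are consulted
        elif server == "internal":
            coverage = "internal"    # served by inetd itself, not run via tcpd
        else:
            coverage = "unwrapped"   # daemon launched directly, not via tcpd
        findings.append((service, proto, coverage))
    return findings


def not_covered(findings):
    """Enabled entries that hosts.allow/hosts.deny do not gate."""
    return [f for f in findings if f[2] != "tcpd"]


if __name__ == "__main__":
    results = audit_inetd(SAMPLE_INETD_CONF)
    for service, proto, coverage in results:
        print(f"{service:8} {proto:4} {coverage}")
    print("needs packet filtering or disabling:",
          [f[0] for f in not_covered(results)])
```

Entries reported as `internal` or `unwrapped` are the ones that need a packet-filter rule or need to be commented out, since the tcpd access files are not consulted for them.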