> Could someone explain the point of /etc/hosts.allow in conjunction with
> iptables? I'm just getting started playing with firewalls, so be nice.

First of all, I don't know Bastille so the following may be completely
irrelevant to you :o)

That said,

/etc/hosts.allow only affects services that choose to honor the
settings in this file, and services that run through the use of xinetd (like
telnet). Furthermore, /etc/hosts.allow cannot prevent invalid/malicious
packets from reaching vulnerable services.

On the other hand, iptables works on a lower level and is not as easily
tricked/spoofed. Also, it "understands" protocols like FTP and DCC and is
able to block invalid/malicious packets while letting legitimate traffic
through.

While it may seem like the extra effort is wasted since one of them is
enough to prevent a casual hacker from accessing the services, when it comes
to security it's always better to have two layers of protection than one :-)


Andreas Lund ([EMAIL PROTECTED])
-- Tel: +47 90.07.71.62 / +47 63.88.33.56
Ano-Tech Computers (http://www.atc.no/)
** Free tech support; If you can read this, your email appears to be OK **




_______________________________________________
Seawolf-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/seawolf-list
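
The reply's point that /etc/hosts.allow only covers services that honor it can be checked per daemon. The script below is an added example, not part of the original post: it reports which layer can restrict a service, assuming that a dynamic link against libwrap means the daemon reads hosts.allow and that xinetd services have a file named after them under /etc/xinetd.d. The function names and the sample `ldd` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide, per daemon, whether /etc/hosts.allow applies at all
# or whether iptables is the only layer that can restrict access to it.

# Constructed sample `ldd` output (not taken from a real host).
SSHD_LDD='    libwrap.so.0 => /lib/libwrap.so.0 (0x40020000)
    libc.so.6 => /lib/libc.so.6 (0x40030000)'
PLAIN_LDD='    libm.so.6 => /lib/libm.so.6 (0x40020000)
    libc.so.6 => /lib/libc.so.6 (0x40040000)'

# Reads ldd output on stdin; succeeds if the binary links libwrap.
# Limitation: a statically linked libwrap does not show up in ldd output.
links_libwrap() {
    grep -q 'libwrap\.so'
}

# classify NAME LDD_OUTPUT [XINETD_DIR]
# Prints which access-control layers can restrict the named service.
classify() {
    name=$1
    ldd_out=$2
    xinetd_dir=${3:-/etc/xinetd.d}   # assumed default location
    if printf '%s\n' "$ldd_out" | links_libwrap; then
        echo "$name: hosts.allow (libwrap) + iptables"
    elif [ -f "$xinetd_dir/$name" ]; then
        echo "$name: hosts.allow (via xinetd) + iptables"
    else
        # hosts.allow entries for this service have no effect
        echo "$name: iptables only"
    fi
}

# Live use: pass daemon binaries as arguments, e.g. ./script /usr/sbin/sshd
for bin in "$@"; do
    classify "$(basename "$bin")" "$(ldd "$bin" 2>/dev/null)"
done
```

A service reported as "iptables only" ignores any hosts.allow entry written for it, so the packet filter is the sole restriction there.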
