On Mon, Sep 10, 2001 at 02:14:56PM +0200, Bernhard R. Link wrote:
> On Mon, 10 Sep 2001, Alexander Reelsen wrote:
> > First binding then firewalling is a bad idea, someone might be able to
> > access that service via spoofing or other dirty tricks...
> I do not know very much in this area, but I was of the impression, that
> firewalling might be more secure than giving ip, as you can only specify
> the ip, and not the network-interface the connection comes from.

Well, I consider listening on a certain IP as quite secure, because you
mostly know what IP is bound to what interface. If you want to do extra
firewalling per-interface then you need something other than inetd.

Both are useful; what I meant was the fact that starting unnecessary
services per-IP (per-interface as well ;)) and firewalling those afterwards
is not as good security-wise as not starting them at all.

MfG/Regards, Alexander

-- 
Alexander Reelsen   http://joker.rhwd.de
[EMAIL PROTECTED]   GnuPG: pub 1024D/F0D7313C  sub 2048g/6AA2EDDB
[EMAIL PROTECTED]   7D44 F4E3 1993 FDDF 552E  7C88 EE9C CBD1 F0D7 313C
Securing Debian: http://joker.rhwd.de/doc/Securing-Debian-HOWTO
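Added example, not part of the original message: a small audit that reads socket state in the Linux /proc/net/tcp layout and reports which listeners are bound to all interfaces, to one address, or to loopback, then flags any off-host listener on a port the administrator did not intend to run. The sample table is constructed, the function names and the allowed-port set are hypothetical, and a little-endian host is assumed for address decoding.

```python
import ipaddress
import struct

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0015 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1
   2: 0A01A8C0:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003 1
   3: 0A01A8C0:0016 0501A8C0:C350 01 00000000:00000000 00:00000000 00000000     0        0 1004 1
"""

TCP_LISTEN = 0x0A  # kernel state code for a listening socket


def decode_addr(field):
    """Decode 'HEXIP:HEXPORT'. Assumes a little-endian host, where the
    kernel's hex dump of the IPv4 address appears byte-reversed."""
    hex_ip, hex_port = field.split(":")
    ip = ipaddress.IPv4Address(struct.pack("<I", int(hex_ip, 16)))
    return ip, int(hex_port, 16)


def listeners(text):
    """Return (ip, port, scope) for every socket in LISTEN state."""
    found = []
    for line in text.splitlines()[1:]:  # skip the column header
        fields = line.split()
        if len(fields) < 4 or int(fields[3], 16) != TCP_LISTEN:
            continue  # established or other non-listening socket
        ip, port = decode_addr(fields[1])
        if ip.is_unspecified:
            scope = "all-interfaces"   # bound to 0.0.0.0
        elif ip.is_loopback:
            scope = "loopback-only"
        else:
            scope = "single-address"   # bound to one configured IP
        found.append((str(ip), port, scope))
    return found


def exposed_unexpected(text, allowed_ports):
    """Listeners reachable off-host on ports that were not meant to run."""
    return [entry for entry in listeners(text)
            if entry[2] != "loopback-only" and entry[1] not in allowed_ports]


if __name__ == "__main__":
    for entry in exposed_unexpected(SAMPLE_PROC_NET_TCP, allowed_ports={22}):
        print("unexpected listener:", entry)
```

On a live Linux host the same functions can be fed the contents of /proc/net/tcp instead of the constructed sample.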

