On Thursday 13 October 2005 02:26 am, Peter Volkov wrote:
> Can anybody explain the differences, pro/con between the mentioned two
> approaches in the subject?

First, I must say that this is a very interesting read on the original intended purpose of tcpd: ftp://ftp.porcupine.org/pub/security/tcp_wrapper.txt.Z

IMO, security works best in layers. So, why not use both? I see the following downsides:

- hosts.(allow|deny) seems to be implementation specific in the sense that not everything supports it. You might need to check to see if it's supported, or simply use tcpwrappers/inetd if it is not.

- IPTables is platform specific, in that not every (*nix) operating system uses it. On the other hand, these days it seems easier to set up a firewall in some form of a firewall builder app/script that can compile firewalls for multiple platforms from a centralized workstation. Then have it push the firewalls out to each host and restart them appropriately. Perhaps someday these apps may provide hosts.(allow|deny) support(?).

If forced to choose, I would go with firewalls (or rather, IPTables); you have a lot more options, especially when the firewall is stateful.

My 0.02..

Robert
--
[email protected] mailing list
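As an added illustration of the hosts.allow/hosts.deny layer discussed above (example code, not from the original post or the tcp_wrappers project): a small simulator of the decision tcpd makes, with the equivalent stateful iptables rules shown as a constant for comparison. The policy, addresses and daemon names are constructed, and the matcher covers only the ALL / net-mask / trailing-dot / exact-host forms.

```python
import ipaddress

# Constructed sample policy: deny everything, then allow sshd from the LAN
# and any wrapped daemon from one admin host.
HOSTS_ALLOW = """
sshd: 192.168.1.0/255.255.255.0
ALL: 10.0.0.5
"""
HOSTS_DENY = "ALL: ALL\n"

# The same policy as stateful iptables rules (assumed port 22 for sshd).
IPTABLES_EQUIV = """
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 192.168.1.0/24 -j ACCEPT
iptables -A INPUT -s 10.0.0.5 -j ACCEPT
iptables -P INPUT DROP
"""

def _parse(text):
    """Turn 'daemon_list : client_list' lines into (daemons, clients) tuples."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        daemons, clients = (part.strip() for part in line.split(":", 1))
        rules.append((daemons.split(), clients.split()))
    return rules

def _client_match(pattern, addr):
    """Subset of tcpd client patterns: ALL, net/mask or CIDR, prefix, exact."""
    if pattern == "ALL":
        return True
    if "/" in pattern:  # ipaddress accepts both dotted masks and /prefixlen
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
    if pattern.endswith("."):  # leading-octet prefix form such as "192.168."
        return addr.startswith(pattern)
    return addr == pattern

def _rule_hits(rules, daemon, addr):
    return any((daemon in daemons or "ALL" in daemons)
               and any(_client_match(c, addr) for c in clients)
               for daemons, clients in rules)

def tcpd_allows(daemon, addr, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow is consulted first, then hosts.deny; no match at all means ALLOW."""
    if _rule_hits(_parse(allow), daemon, addr):
        return True
    if _rule_hits(_parse(deny), daemon, addr):
        return False
    return True  # the default-open fallback is why an explicit ALL: ALL deny matters
```

Note that the simulator reproduces tcpd's default-allow when neither file matches, which is the behaviour the explicit `ALL: ALL` line in hosts.deny exists to close.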
