> > Yes. Install tcpwrappers and configure them to allow only access from > > local addresses. You can also do this with iptables, but tcpwrappers is > > probably less invasive. > You and Richard both assume TCP. I don't know what Marcy's talking > about, but it could be UDP.
Possible, but unlikely. Most COTS programmers that will work for banks these days can't/won't write good datagram-based apps if TCP will do their thinking for them. 8-) > You further assume tcpwrappers is a solution, and it might be, but > without knowing that software Marcy's talking about, you don't know that. So we now have several possible choices. Always a good thing, right? > _I_ would use iptables, much as Richard says. The vendor-supplied > firewalls I've seen are rather simplistic (but adequate to solve Marcy's > stated problem) As I said, iptables would work as well. It's also a bit more complex to configure, and mistakes have larger impacts than you can cause with tcpwrappers. Right tool, right job. > but for more serious use I use & recommend shorewall. Nice tool. ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
