On Wed, 29 Nov 2017 at 10:06:08 +0100 Ingo Wichmann <[email protected]> wrote:
[...]
>> Alessandro Selli <[email protected]> wrote:
>>> Say you change in.ftpd service
>>> port to some non-standard one in its configuration file.
>>> in.ftpd: 192.168.0.0/255.255.0.0 EXCEPT 192.168.1.0/255.255.255.0
>>> in /etc/hosts.allow is still going to work,
>>> iptables -I INPUT -i eth0 -p tcp --dport ftp -m conntrack --ctstate NEW
>>> -j REJECT
>>> no longer will.
>
> FTP is an example of a protocol, that has lost importance. If this is
> the best use case for TCP wrappers we come up with, we should remove it
> from LPIC 1.

I used it as an example to show how TCP Wrapper differs compared to iptables. Just like you could use iptables to allow/block any kind of connection on any TCP port, you could use TCP Wrapper to block connections to any daemon compiled with TCP Wrapper support or run from tcpd.

[...]
> So please TCP wrappers users: where is the indication, that TCP wrappers
> kept their importance since they have been introduced in LPIC 1 in 2001?
> Linux has changed, since!

Again: how could you use iptables to block connections to in.whateverd regardless of what TCP port it was configured to listen to? That's what TCP Wrapper does.

Regards,

Alessandro
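The contrast drawn in the message, modelled as an added example that is not part of the original post: the quoted `hosts.allow` rule is evaluated by daemon name and client address, while the quoted iptables rule keys on destination port 21 (`ftp`). The `hosts.deny` line, the client addresses and port 2121 are assumptions constructed for the illustration, and only a single `EXCEPT` is handled.

```python
import ipaddress

# hosts.allow rule quoted in the message.
HOSTS_ALLOW = "in.ftpd: 192.168.0.0/255.255.0.0 EXCEPT 192.168.1.0/255.255.255.0"
# Assumed hosts.deny entry (not from the message): without a deny match,
# hosts_access grants access to clients that hosts.allow did not match.
HOSTS_DENY = "in.ftpd: ALL"

def _match_list(patterns, client):
    """True if the client address matches ALL or any net/mask pattern."""
    addr = ipaddress.ip_address(client)
    return any(p == "ALL" or addr in ipaddress.ip_network(p) for p in patterns)

def rule_matches(rule, daemon, client):
    """Evaluate one 'daemon_list: client_list [EXCEPT client_list]' line."""
    daemons, clients = rule.split(":", 1)
    names = daemons.replace(",", " ").split()
    if daemon not in names and "ALL" not in names:
        return False
    include, _, exclude = clients.partition(" EXCEPT ")
    return (_match_list(include.split(), client)
            and not _match_list(exclude.split(), client))

def tcp_wrappers_decision(daemon, client):
    """hosts_access order: allow match grants, deny match refuses, else grant."""
    if rule_matches(HOSTS_ALLOW, daemon, client):
        return "allow"
    if rule_matches(HOSTS_DENY, daemon, client):
        return "deny"
    return "allow"

def iptables_rejects(dport, rule_dport=21):
    """Model of the quoted REJECT rule: it looks only at the destination port."""
    return dport == rule_dport

def compare(listen_port, clients):
    """Verdict of both filters per client for in.ftpd listening on listen_port."""
    fw = "reject" if iptables_rejects(listen_port) else "pass"
    return {c: (tcp_wrappers_decision("in.ftpd", c), fw) for c in clients}

if __name__ == "__main__":
    sample = ["192.168.2.10", "192.168.1.10", "10.0.0.5"]  # constructed addresses
    for port in (21, 2121):  # 2121 stands in for "some non-standard port"
        print(port, compare(port, sample))
```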
