Use it as a precaution.. if that HOST.DENY runs... then you have an intrusion which you need to fix..
I do this..

vi /etc/hosts.deny
#---------------------
ALL: ALL : spawn (/bin/hosts.deny.script %d %a %h) &
#---------------------

Every deny spawns my script, my script determines if it's a true attack and can take countermeasures like email me and then shut down the firewall etc. etc.. BUT YOU HAVE TO MAKE SURE IT'S AN INTRUSION!

Other ways are to run snort or portsentry and others.. I'm happy with my script.. it's activated once only because I forgot to allow my VPN user to get through... ;) Oops.. Blocked him for a while..

thanks,
George Vieira
Systems Manager
Citadel Computer Systems P/L
http://www.citadelcomputer.com.au

-----Original Message-----
From: Dennis Cardinale [mailto:[EMAIL PROTECTED]]
Sent: Monday, 08 July 2002 8:54 AM
To: Netfilter Mailing List
Subject: hosts.deny

When running a netfilter firewall, is there any reason to continue using the hosts.deny and hosts.allow files, or is this just superfluous?

Thanks,
Dennis
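
An added example, not George's script and not code from this thread: a sketch of a handler that the spawn line in the reply could call, which separates a misconfigured trusted host (the VPN case he mentions) from repeated denies before anything is escalated. The state directory, trusted-address list, threshold and function name are assumptions.

```shell
#!/bin/sh
# Hypothetical handler for the line quoted in the mail:
#   ALL: ALL : spawn (/bin/hosts.deny.script %d %a %h) &
# $1 = daemon (%d), $2 = client address (%a), $3 = client host name (%h).
# %h comes from reverse DNS, which the remote side controls, so decisions
# below use only the address.

STATE_DIR="${STATE_DIR:-/var/lib/hosts-deny}"   # assumed, root-owned directory
TRUSTED="${TRUSTED:-192.0.2.10 192.0.2.11}"     # constructed: e.g. VPN users
THRESHOLD="${THRESHOLD:-5}"                     # denies before alerting (assumed)

# Prints one verdict: invalid | trusted | log | alert
classify_deny() {
    daemon=$1
    addr=$2
    # Accept only characters that can occur in an IPv4/IPv6 literal.
    case $addr in
        ''|*[!0-9A-Fa-f.:]*) echo invalid; return 0 ;;
    esac
    # A deny from a known-good address is a rule mistake, not an attack.
    for t in $TRUSTED; do
        if [ "$addr" = "$t" ]; then echo trusted; return 0; fi
    done
    # Count denies per address; counts are never expired in this sketch.
    mkdir -p "$STATE_DIR" || return 1
    f="$STATE_DIR/ip_$addr"
    echo "$daemon" >> "$f"
    n=$(($(wc -l < "$f")))
    if [ "$n" -ge "$THRESHOLD" ]; then echo alert; else echo log; fi
}

# Run only when invoked with arguments, as tcp_wrappers would do.
if [ "$#" -ge 2 ]; then
    verdict=$(classify_deny "$1" "$2")
    case $verdict in
        alert)   logger -p auth.alert   -t hosts.deny "repeated denies: $2 -> $1" ;;
        trusted) logger -p auth.warning -t hosts.deny "trusted host denied, check rules: $2 -> $1" ;;
        invalid) logger -p auth.warning -t hosts.deny "malformed address argument for $1" ;;
        *)       logger -p auth.info    -t hosts.deny "deny: $2 -> $1" ;;
    esac
fi
```

Any stronger countermeasure, such as the e-mail or firewall shutdown described in the reply, would hang off the `alert` branch only.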
