On Monday 08 July 2002 12:51 am, Jack Bowling wrote: > ** Reply to message from Antony Stone <[EMAIL PROTECTED]> on Mon, > 08 Jul 2002 00:04:34 +0100 > > > hosts.allow can still be useful to specify a command to run when a > > connection comes in (eg to provide some special logging ?), but these > > files don't add any security to a decently configured netfilter setup. > > Beg to differ. /etc/hosts.deny allows access tuning of services that are > set wide open on the firewall, ssh being a prime example.
The firewall shouldn't be set wide open. Put whatever restrictions you used to apply in hosts.deny into your firewall rules instead, then people can't even see you're running an ssh server to try cracking. Antony.
