** Reply to message from Antony Stone <[EMAIL PROTECTED]> on Mon, 08 Jul 2002 00:59:16 +0100
> On Monday 08 July 2002 12:51 am, Jack Bowling wrote: > > > ** Reply to message from Antony Stone <[EMAIL PROTECTED]> on Mon, > > 08 Jul 2002 00:04:34 +0100 > > > > > hosts.allow can still be useful to specify a command to run when a > > > connection comes in (eg to provide some special logging ?), but these > > > files don't add any security to a decently configured netfilter setup. > > > > Beg to differ. /etc/hosts.deny allows access tuning of services that are > > set wide open on the firewall, ssh being a prime example. > > The firewall shouldn't be set wide open. Put whatever restrictions you used > to apply in hosts.deny into your firewall rules instead, then people can't > even see you're running an ssh server to try cracking. Agreed. But having the same set of restrictions in the hosts.access files means you have a backup in case your firewall goes down unannounced. jb -- Jack Bowling mailto: [EMAIL PROTECTED]
