Ken Foskey wrote:
> On Mon, 2003-03-17 at 18:02, Chris Samuel wrote:
>> Your system is not specified in /etc/hosts.allow, by the look
>> of things.
>
> From memory using hosts.allow is a major security hole and it is
> recommended that you don't use it at all. My betters will confirm or
> deny.

Why is using hosts.allow / hosts.deny a major security hole and under what circumstances? I ask because I use them quite a lot, especially to restrict ssh connections. Is it just that relying on DNS lookups is flawed?

Should I write iptables instead to restrict access to SSH and mail etc.? It is much more convenient to use hosts.allow.

Joel
http://cow.whyi.org

--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug