> > Am I correct in assuming that the GUI configurator that runs during
> > install for the firewall setup puts its information in the
> > /etc/hosts.allow and hosts.deny files, or are these files just another
> > level of security to protect my box from unwanted connections?
> >
>
> hosts.allow/deny are used for protecting services on a per-service basis.
> The configurator modifies /etc/sysconfig/iptables.

Yes, true. /etc/hosts.allow and /etc/hosts.deny are to configure TCP wrappers, which filter on a socket level. iptables filters at the kernel level. Incidentally, it's widely held that TCP wrappers are vulnerable to fragment-based attacks, IP spoofing, etc.

I find TCP wrappers useful for test boxes and systems where a lot of applications move in and out, and I'm logged in fairly often. Iptables is much more granular and I would use it on systems that don't change too much.

MPF

--
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
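
Added example, not part of the original thread: a simplified Python model of the per-service check that TCP wrappers perform against /etc/hosts.allow and /etc/hosts.deny, following the order documented in hosts_access(5). The sample rules and all function names are constructed for illustration, and only IPv4 and a subset of the pattern syntax (ALL, address prefix, net/mask, exact address) are handled.

```python
import ipaddress

# Constructed sample files (not from the thread).
HOSTS_ALLOW = """\
# daemon_list : client_list
sshd : 192.168.1. 10.0.0.0/255.255.255.0
vsftpd : 192.168.1.25
"""
HOSTS_DENY = """\
ALL : ALL
"""

def parse_rules(text):
    """Return [(daemons, clients)] from hosts_access-style text."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue  # malformed line: skip it
        # Any third field (shell command / options) is ignored in this model.
        rules.append((fields[0].replace(",", " ").split(),
                      fields[1].replace(",", " ").split()))
    return rules

def client_matches(pattern, addr):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):   # address prefix, e.g. "192.168.1."
        return addr.startswith(pattern)
    if "/" in pattern:          # net/mask form
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(addr) in net
    return pattern == addr

def matches(rules, daemon, addr):
    return any((daemon in daemons or "ALL" in daemons)
               and any(client_matches(p, addr) for p in clients)
               for daemons, clients in rules)

def access_allowed(daemon, addr, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow is consulted first, then hosts.deny, else access is granted."""
    if matches(parse_rules(allow), daemon, addr):
        return True
    if matches(parse_rules(deny), daemon, addr):
        return False
    return True
```

With an empty hosts.deny the final branch grants access to every client that hosts.allow does not mention, which is why the sample pairs specific allow entries with `ALL : ALL` in hosts.deny.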
