[TriLUG] Re: Problems with hosts.deny hosts.allow
Mon, 11 Mar 2002 11:25:57 -0500
> If you are simply interested (in an academic way) on the arcane and archaic
> use of the host files, then you might try looking at the man pages (man
It's worth pointing out that they're not necessarily mutually exclusive.
In fact, it is philosophically a good idea to use both. There's no reason
(that I can tell) to blindly assume there are no bugs in any code base,
user-space or kernel-space.
IOW, while the additional hassle of possibly needing to update multiple
configurations for changes can be annoying, there can be some value in
taking advantage of all possible security settings that are allowed.
After all, if the system in place allows things without rebuilding,
I can't see much of a reason to *not* use it, but admittedly my rules
aren't very complex.
YMMV, of course, but I don't think trashing tcpwrappers is necessarily
a good idea - trashing their exclusive use, yes - trashing them as a
component (by no means the strongest one) in a multi-faceted security
setup seems less so.
At least, as I'm writing this I can't imagine ipchains standalone (hey,
let's go iptables! :) as a more secure solution than ipchains+tcpwrappers.
I know you already know this, Jon, just wanted to offer $.02 although
your original point of tcpwrappers by themselves being crap is still
one I highly agree with.
James Manning <firstname.lastname@example.org>
GPG Key fingerprint = B913 2FBD 14A9 CE18 B2B7 9C8E A0BF B026 EEBB F6E4