From: Jack Bowling <jbinpg@shaw.ca>
To: netfilter@lists.samba.org
Subject: Re: hosts.deny
Date: Sun, 07 Jul 2002 18:50:48 -0700
Message-ID: <0GYW00LF9QGR77@l-daemon>
In-Reply-To: <20020707235918.OPUR23840.mta03-svc.ntlworld.com@there>
** Reply to message from Antony Stone <Antony@Soft-Solutions.co.uk> on Mon, 08 Jul 2002 00:59:16 +0100
> On Monday 08 July 2002 12:51 am, Jack Bowling wrote:
>
> > ** Reply to message from Antony Stone <Antony@Soft-Solutions.co.uk> on Mon,
> > 08 Jul 2002 00:04:34 +0100
> >
> > > hosts.allow can still be useful to specify a command to run when a
> > > connection comes in (eg to provide some special logging ?), but these
> > > files don't add any security to a decently configured netfilter setup.
> >
> > Beg to differ. /etc/hosts.deny allows access tuning of services that are
> > set wide open on the firewall, ssh being a prime example.
>
> The firewall shouldn't be set wide open. Put whatever restrictions you used
> to apply in hosts.deny into your firewall rules instead, then people can't
> even see you're running an ssh server to try cracking.
Agreed. But having the same set of restrictions in the hosts.access files means you have a backup in case your firewall goes down unannounced.
jb
--
Jack Bowling
mailto: jbinpg@shaw.ca
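
An added example, not part of the original message: a small check that the ssh sources accepted by the firewall and those granted in /etc/hosts.allow are the same set, so the wrapper files can serve as the backup described above. The rule dump, the hosts.allow content and all function names are constructed for illustration, and only numeric IPv4 patterns are handled (no ALL, EXCEPT, hostnames or IPv6).

```python
import ipaddress
import re

# Constructed sample inputs (documentation address ranges), not taken from the thread.
IPTABLES_SAVE = """\
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.0.2.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 198.51.100.7/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j DROP
"""
HOSTS_ALLOW = """\
# /etc/hosts.allow (paired with "sshd: ALL" in /etc/hosts.deny)
sshd: 192.0.2. 203.0.113.0/255.255.255.0
"""

def wrapper_net(pattern):
    """Convert a numeric hosts_access client pattern to an ip_network."""
    if pattern.endswith("."):  # prefix form such as "192.0.2."
        octets = pattern.rstrip(".").split(".")
        padded = ".".join(octets + ["0"] * (4 - len(octets)))
        return ipaddress.ip_network("%s/%d" % (padded, 8 * len(octets)))
    return ipaddress.ip_network(pattern)  # bare address or net/mask form

def firewall_ssh_sources(rules, port=22):
    """Source networks that an iptables-save dump ACCEPTs on the ssh port."""
    nets = set()
    for line in rules.splitlines():
        m = re.search(r"-s (\S+) .*--dport (\d+) .*-j ACCEPT", line)
        if m and int(m.group(2)) == port:
            nets.add(ipaddress.ip_network(m.group(1), strict=False))
    return nets

def wrapper_ssh_sources(text, daemon="sshd"):
    """Source networks that hosts.allow grants to the given daemon."""
    nets = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        if daemon in daemons.replace(",", " ").split():
            nets.update(wrapper_net(c) for c in clients.replace(",", " ").split())
    return nets

def drift(rules=IPTABLES_SAVE, allow=HOSTS_ALLOW):
    """Return (firewall-only, wrapper-only) networks; exact-match comparison."""
    fw, tw = firewall_ssh_sources(rules), wrapper_ssh_sources(allow)
    return sorted(map(str, fw - tw)), sorted(map(str, tw - fw))
```

A non-empty second list is the case that matters for the backup argument: those sources would reach sshd if the firewall rules were ever not loaded.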