luke@techfreak.org wrote:

>I'm definitely not a firewall expert, but isn't it also possible to
>get around
>IPchains using IP spoofing? From what I know ipchains is only
>protected against spoofing by using source address verification.
>
>Or am I way off?
>
>Luke
>  
>
A little off. :)  Yes you can spoof iptables but not nearly as easily as 
hosts.allow can be spoofed.  Hosts.allow's verifications procedures are 
considerably less sophisticated than those of iptables.

Regards

James

P.S. Generally Ipchains has been replaced by Iptables.