bulliver at badcomputer
Oct 13, 2005, 5:28 AM
Post #3 of 7
quoth the Peter Volkov:
> Can anybody explain the differences, pro/con between the mentioned two
> approaches in the subject?
> I thought that the fewer programs I have on my server the more secure it is.
> But gentoo security guide and some people on this list suggest usage of
> hosts.allow, hosts.deny files, which only work if I have tcpd installed,
> thus another service which weakens server's security. But normally each
> server has iptables installed. So every sysadmin can obtain hosts.allow,
> hosts.deny functionality with simple iptables rule like the following:
> iptables -A INPUT -s bad_host -j DROP
> This is the base functionality of iptables. No PoM is necessary for such
> kind of things.
> More. I think some portable bash script that will parse host.* files and
> create iptables rules is very simple to write!
> So why do many people and security guides still suggest the use of tcpd
> over simple iptables rules?
> Thank you for your time,
This is a good question, and one for which I am anticipating many responses
more informative and comprehensive than mine...all I can do is offer opinion.
As I see it, iptables is best used to guard the network gateway, and live
internet servers, i.e. http, ftp, smtp, named etc...and tcpwrappers is best
suited for internal LAN security, where you may want to easily control access
to _many_ services host by host, i.e. NFS, samba, rsync, ssh, pop, imap etc...
I suppose the listing of services is arbitrary, depending on your
circumstances. For me it comes down to iptables for servers directly
accessible from the internet, and tcpwrappers for internal stuff.
darren kirby :: Part of the problem since 1976 :: http://badcomputer.org
"...the number of UNIX installations has grown to 10, with more expected..."
- Dennis Ritchie and Ken Thompson, June 1972
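
The quoted message mentions a script that parses the hosts.* files and creates iptables rules. The sketch below is an added example, not part of either post: it reads hosts.deny-style lines and prints the matching iptables commands, reporting entries that have no address-and-port equivalent instead of translating them. The function names, the daemon-to-port map and the sample input are assumptions made for illustration.

```shell
# Added example: prints iptables commands for hosts.deny-style stdin; runs nothing.
port_for() {   # assumed daemon-to-port map: tcpd matches a daemon name, iptables a port
  case "$1" in
    sshd) echo 22 ;; in.ftpd) echo 21 ;; ipop3d) echo 110 ;; imapd) echo 143 ;;
    *) return 1 ;;
  esac
}
# One client pattern -> iptables -s value; fails for hostnames, .domain, wildcards.
src_for() {
  case "$1" in ''|*[!0-9./]*|*..*|.*) return 1 ;; esac
  case "$1" in
    *.*.*.*/*) echo "$1" ;;      # n.n.n.n/m.m.m.m
    *.*.*.*.*) return 1 ;;       # too many components
    *.*.*.) echo "${1}0/24" ;; *.*.) echo "${1}0.0/16" ;; *.) echo "${1}0.0.0/8" ;;
    *.*.*.*) echo "$1" ;;        # single host
    *) return 1 ;;
  esac
}
# Subshell body keeps set -f local, so patterns like *.example.com never glob.
hosts_deny_to_iptables() (
  set -f
  while IFS= read -r line; do
    case "$line" in
      ''|'#'*) continue ;;
      *EXCEPT*) echo "# untranslated (EXCEPT): $line"; continue ;;
      *:*) ;; *) continue ;;
    esac
    daemons=$(echo "${line%%:*}" | tr ',' ' ')
    rest=${line#*:}
    clients=$(echo "${rest%%:*}" | tr ',' ' ')   # drop option/shell field
    for c in $clients; do
      src=$(src_for "$c") || { echo "# untranslated client: $c"; continue; }
      for d in $daemons; do
        if [ "$d" = ALL ]; then   # broader than tcpd: every protocol and port
          echo "iptables -A INPUT -s $src -j DROP"
        elif port=$(port_for "$d"); then
          echo "iptables -A INPUT -p tcp --dport $port -s $src -j DROP"
        else
          echo "# untranslated daemon: $d"
        fi
      done
    done
  done
)
sample_hosts_deny() {   # constructed input using documentation address ranges
  printf '%s\n' '# constructed sample' 'ALL: 192.0.2.10' 'sshd: .example.com' \
    'sshd, in.ftpd: 203.0.113. 198.51.100.0/255.255.255.0' 'rpc.mountd: 192.0.2.77'
}
sample_hosts_deny | hosts_deny_to_iptables
```

tcpd consults hosts.allow before hosts.deny, so a deny entry can be overridden there; this sketch does not model that ordering, nor backslash line continuations.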