[CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?
John Horne
john.horne at plymouth.ac.uk
Sun Apr 20 23:48:33 UTC 2014

On Thu, 2014-03-20 at 15:48 -0400, Matthew Miller wrote:
> Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?
>
A very late reply - yes we use it in conjunction with iptables (on
CentOS 5/6 and Fedora). Tcp_wrappers allows filtering based on DNS name,
which (as far as I am aware) iptables does not. It is very easy to
configure, and takes immediate effect (no restarting of processes
required).

> And, would you care strongly if it went away (or would you just
> migrate to something else)?
>
Since we use it I would obviously rather it did not go away :-) If we
had to we would probably build our own from source, but initially may
well just look to see if iptables could do all of what we wanted.

>
> What do you think? Do you rely on hosts.allow/hosts.deny a primary security
> mechanism? As defense-in-depth? Do you have policies which mandate it?
>
No policies as such, but we include its installation as part of our
standard server build process. It is part of the security used on our
servers, and, as others have mentioned, multiple layers is the way to go
rather than relying on just one tool.

John.

--
----------------------------------------------------
John Horne                   Tel: +44 (0)1752 587287
Plymouth University, UK      Fax: +44 (0)1752 587001