[CentOS] iptables question
Keith Keller
kkeller at wombat.san-francisco.ca.us
Tue Jun 17 01:18:27 UTC 2014

[previous article hasn't appeared on gmane yet]

On 2014-06-16, Eliezer Croitoru <eliezer at ngtech.co.il> wrote:
> On 06/17/2014 01:46 AM, Bret Taylor wrote:
>> Get rid of fail2ban, it's not needed. Just write a proper firewall.
> Are you series??
> There are applications that fail2ban offers them things which others
> just can't..

Indeed, fail2ban and their ilk (e.g. my new favorite, sshguard) modify iptables rules in response to excessive failed login attempts. A ''proper firewall'' with just static iptables rules can't do that. And with so many pwn3d hosts out there being used to bounce attacks off of, it is foolish to rely on static rules alone to fend off these attacks.

Much better of course are static firewall rules that block off all but a few whitelisted hosts. But that is much less flexible for users.

--keith

-- 
kkeller at wombat.san-francisco.ca.us
(try just my userid to email me)
AOLSFAQ=http://www.therockgarden.ca/aolsfaq.txt
see X- headers for PGP signature information
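
The mechanism discussed in this message, as an added example that is not part of the original post and is not fail2ban's or sshguard's own code: count failed SSH logins per source address in a sliding window and render an iptables DROP rule once a threshold is reached. The log lines are constructed samples in OpenSSH's "Failed password" syslog format; the chain name `SSH_DYNAMIC` and the parameter names `max_retry` and `find_time` are assumptions for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd lines (documentation-range addresses), not real data.
SAMPLE_LOG = """\
Jun 17 01:00:01 host sshd[1001]: Failed password for root from 203.0.113.7 port 40001 ssh2
Jun 17 01:00:05 host sshd[1002]: Failed password for invalid user admin from 203.0.113.7 port 40002 ssh2
Jun 17 01:00:09 host sshd[1003]: Failed password for invalid user x from 192.0.2.99 port 1 ssh2 from 203.0.113.7 port 40003 ssh2
Jun 17 01:00:30 host sshd[1004]: Failed password for alice from 198.51.100.20 port 50001 ssh2
Jun 17 01:02:00 host sshd[1005]: Accepted password for alice from 198.51.100.20 port 50002 ssh2
Jun 17 01:30:00 host sshd[1006]: Failed password for alice from 198.51.100.20 port 50003 ssh2
"""

# The user name is client-supplied text, so the address is taken only from the
# end of the line: greedy ".*" plus the "$" anchor selects the last "from ADDR".
FAILED = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for .* "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$")

def offenders(log_text, max_retry=3, find_time=timedelta(minutes=10), year=2014):
    """Return source IPs with >= max_retry failures inside a find_time window."""
    recent = defaultdict(deque)          # ip -> timestamps of recent failures
    banned = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue                     # not a failed-password line
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > find_time:    # expire failures outside the window
            window.popleft()
        if len(window) >= max_retry and ip not in banned:
            banned.append(ip)
    return banned

def ban_rules(ips, chain="SSH_DYNAMIC"):
    """Render iptables commands for a dedicated chain (chain name is assumed)."""
    return [f"iptables -I {chain} -s {ip} -j DROP" for ip in ips]

if __name__ == "__main__":
    for rule in ban_rules(offenders(SAMPLE_LOG)):
        print(rule)
```

Keeping the dynamic entries in their own chain, jumped to from the static ruleset, lets the static rules stay fixed while bans are added and expired separately.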