[dundee] Fedora Core 3 htree error
Andrew Clayton
andrew at digital-domain.net
Sat Oct 13 01:57:47 BST 2007
On Sat, 13 Oct 2007 01:31:10 +0100 (BST), Lee Hughes wrote:
> overkill? lets see.
>
> iptables..
>
> better performance..
>
> better logging
>
> implement at kernel , not in a libwrap.a
>
> can control ICMP traffic, and other weirdo packets.
>
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/tcpwrappers.html
>
> quote.
> ''The added functionality of TCP Wrappers should not be considered a
> replacement for a good firewall. TCP Wrappers can be used in
> conjunction with a firewall or other security enhancements though and
> it can serve nicely as an extra layer of protection for the system.'
>
> if you want to argue with the freebsd guys, be my guest.
>
> ;-)
That's all very good.
When the only network service on your box is ssh, tcp wrappers for me
does the job.
The bad packet thing I can kinda see, but then again it's not caused me
any problems in oh, some 12 years or so. Linux is pretty resilient to
these things.
Of course I'm taking about my machine at home here, in a different
environment, I may consider extra layers, iptables, selinux etc.
Andrew
More information about the dundee
mailing list