I agree!<br><br><b><i>Andrew Clayton <andrew@digital-domain.net></i></b> wrote:<blockquote class="replbq" style="border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; padding-left: 5px;"> On Sat, 13 Oct 2007 01:31:10 +0100 (BST), Lee Hughes wrote:<br><br>> overkill? lets see.<br>> <br>> iptables..<br>> <br>> better performance..<br>> <br>> better logging<br>> <br>> implement at kernel , not in a libwrap.a<br>> <br>> can control ICMP traffic, and other weirdo packets.<br>> <br>> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/tcpwrappers.html<br>> <br>> quote.<br>> ''The added functionality of TCP Wrappers should not be considered a<br>> replacement for a good firewall. TCP Wrappers can be used in<br>> conjunction with a firewall or other security enhancements though and<br>> it can serve nicely as an extra layer of protection for the system.'<br>> <br>> if you want to argue with the freebsd
guys, be my guest.<br>> <br>> ;-)<br><br>That's all very good.<br><br>When the only network service on your box is ssh, tcp wrappers for me<br>does the job.<br><br>The bad packet thing I can kinda see, but then again it's not caused me<br>any problems in oh, some 12 years or so. Linux is pretty resilient to<br>these things.<br><br>Of course I'm taking about my machine at home here, in a different<br>environment, I may consider extra layers, iptables, selinux etc.<br> <br><br>Andrew<br><br>_______________________________________________<br>dundee GNU/Linux Users Group mailing list<br>dundee@lists.lug.org.uk http://dundee.lug.org.uk<br>https://mailman.lug.org.uk/mailman/listinfo/dundee<br>Chat on IRC, #tlug on dundee.lug.org.uk<br></blockquote><br><p> 
<hr size=1>
For ideas on reducing your carbon footprint visit <a href="http://uk.promotions.yahoo.com/forgood/environment.html">Yahoo! For Good</a> this month.