Re: hosts.deny vs iptables

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, May 24, 2006 at 01:28:13 -0400,
  CodeHeads <codeheads@xxxxxxxxx> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hello all,
> I searched the archives and google and did not find what i was looking for.
> 
> This is my setup:
> Web Server with virtual hosts; FC4; IPTables and SELinux Running
> 
> My questions is which is better, IPTables or hosts.deny???

You want to use iptables. There may be some benefit to using hosts.deny/allow
in that you can do dns look ups at the time of connection rather than when
the rules are set up. While you don't want to depend on DNS for access, it
is reasonable to use it do deny access in most situations.

> I read some where, cannot remember, that hosts.deny does not read httpd
> requests??

For apache, you can configure allowed and denied hosts in httpd.conf and you
don't need hosts.deny/allow.

> 
> I am mostly concerned in blocking IP ranges with either.

For this case it is probably best to build these restrictions into your
iptables rules.

> 
> Any thoughts?


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux