Jeff Vian wrote:
> On Tue, 2006-11-21 at 20:59 -0600, Paul Johnson wrote:
>> One security tip I got years ago was to turn off all access by setting
>> the file /etc/hosts.deny like this:
>>
>> ALL:ALL
>>
>>
>> And then in /etc/hosts.allow, I allow in only specific services and
>> specific ip address ranges that I want to allow. For example, I
>> usually allow only ssh connections from a few specific places:
>>
>> ALL: 127.0.0.1
>> sshd: 24.124.
>> sshd: 129.237.
>> sshfwd-X11: 24.124.
>> sshfwd-X11: 129.237.
>>
>> This has served me well to keep out other users and protect myself
>> from starting services that I don't want.
>>
>> Now in FC6 I notice that xinetd is not installed and so these host
>> files have no effect. Of course, I can install xinetd, but I'm
>> suspecting that the FC6 designers want me to do something else in
>> order to control access. How does one achieve the same effect without
>> using xinetd?
>>
> Maybe iptables?
> Iptables can certainly be configured to do what you have listed above,
> but not IMHO as easily nor as cleanly. The syntax is different and so
> somewhat harder to use.
>
> However, that seems like throwing the baby out with the bathwater. I
> would think that having tcpwrappers (which is what uses the hosts.deny
> and hosts.allow files) in effect was a good thing.
>

yum install firestarter

--
Steve
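
How the hosts.deny/hosts.allow pair quoted above behaves as a default-deny allow-list, as an added example that is not part of the original thread: a simplified Python model of the hosts_access(5) lookup order (hosts.allow first, then hosts.deny, otherwise grant). It covers only the ALL wildcard, exact IPv4 addresses and trailing-dot prefixes; the function names and test addresses are assumptions made for illustration.

```python
# Simplified model of the tcp_wrappers decision (see hosts_access(5)).
# Constructed sample files: the rules quoted in the thread above.
HOSTS_ALLOW = """\
ALL: 127.0.0.1
sshd: 24.124.
sshd: 129.237.
sshfwd-X11: 24.124.
sshfwd-X11: 129.237.
"""
HOSTS_DENY = "ALL:ALL\n"


def parse_rules(text):
    """Return [(daemon_list, client_list)]; options after a 2nd ':' are ignored."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) >= 2:
            rules.append((parts[0].replace(",", " ").split(),
                          parts[1].replace(",", " ").split()))
    return rules


def client_matches(pattern, addr):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):          # "24.124." matches 24.124.x.y only
        return addr.startswith(pattern)
    return addr == pattern             # exact address


def matches(rules, daemon, addr):
    return any((d == "ALL" or d == daemon) and client_matches(c, addr)
               for daemons, clients in rules for d in daemons for c in clients)


def access(daemon, addr, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """First match wins: hosts.allow grants, then hosts.deny denies, else grant."""
    if matches(parse_rules(allow), daemon, addr):
        return "allow"
    if matches(parse_rules(deny), daemon, addr):
        return "deny"
    return "allow"                     # no match in either file


if __name__ == "__main__":
    for daemon, addr in [("sshd", "24.124.7.9"), ("sshd", "203.0.113.7")]:
        print(daemon, addr, access(daemon, addr))
```

The last branch is why the `ALL:ALL` line in hosts.deny matters: with an empty hosts.deny, any client not listed in hosts.allow is still granted access.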