-----Original Message-----
From: fedora-list-bounces@xxxxxxxxxx on behalf of Ashley M. Kirchner
Sent: Tue 10/16/2007 12:10 PM
To: For users of Fedora Core releases
Cc:
Subject: iptables versus hosts denied

In terms of performance and when a packet is dropped or denied, what's best to use? iptables or hosts.deny?

Let's assume for a moment here that one has a very long list of IP ranges that are being blocked, would using iptables to deny the ranges work better/faster than having hosts.deny block them?

Just wondering ...

-----------------------------

iptables will drop the packet at the kernel level. An application with tcp_wrapper support will consult the hosts.allow and hosts.deny files to determine whether or not to accept a TCP connection. I would expect that iptables would be faster since the work is being done within the kernel.
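
Added example, not part of either message above: one blocklist rendered both ways, as kernel-level iptables rules and as hosts.deny entries that only tcp_wrappers-aware services consult. The function names, the BLOCKLIST variable and the sample addresses are constructed for illustration; hosts.deny entries are written as net/mask pairs, so the prefix length is converted.

```shell
#!/bin/sh
# Added example. Addresses are constructed samples from documentation ranges.
BLOCKLIST='192.0.2.0/24
198.51.100.128/25
203.0.113.7/32'

# Accept only strict IPv4 a.b.c.d/len so nothing else reaches a rule file.
valid_cidr() {
    case $1 in
        ''|*[!0-9./]*|*/*/*|.*|*..*|*./*) return 1 ;;
        */*) ;;
        *) return 1 ;;
    esac
    len=${1#*/}
    case $len in ''|*[!0-9]*|0?*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- ${1%/*}; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ -n "$o" ] && [ "$o" -le 255 ] || return 1
    done
}

# prefix_to_mask 25 -> 255.255.255.128
prefix_to_mask() {
    bits=$1 mask='' i=0
    while [ "$i" -lt 4 ]; do
        if [ "$bits" -ge 8 ]; then octet=255; bits=$((bits - 8))
        else octet=$((256 - (1 << (8 - bits)))); bits=0
        fi
        mask="${mask}${mask:+.}${octet}"
        i=$((i + 1))
    done
    printf '%s\n' "$mask"
}

# Kernel side: iptables-restore input; load with iptables-restore --noflush.
emit_iptables() {
    printf '*filter\n'
    while read -r cidr; do
        valid_cidr "$cidr" || continue
        printf '%s\n' "-A INPUT -s $cidr -j DROP"
    done
    printf 'COMMIT\n'
}

# Userspace side: only services built with tcp_wrappers read this file.
emit_hosts_deny() {
    while read -r cidr; do
        valid_cidr "$cidr" || continue
        printf 'ALL: %s/%s\n' "${cidr%/*}" "$(prefix_to_mask "${cidr#*/}")"
    done
}

printf '%s\n' "$BLOCKLIST" | emit_iptables
printf '%s\n' "$BLOCKLIST" | emit_hosts_deny
```

Invalid lines are skipped rather than written out, so a malformed entry in the source list cannot end up in either rule file.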