Re: Allow telnet to only one IP using host.deny or host.allow

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Community support for Fedora users <users@xxxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Allow telnet to only one IP using host.deny or host.allow
From: Samuel Kidman <samkidman@xxxxxxxxx>
Date: Sun, 3 Oct 2010 02:02:35 +0800
Delivered-to: users@xxxxxxxxxxxxxxxxxxxxxxx
In-reply-to: <1286025112.16172.1.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-archive: <http://lists.fedoraproject.org/pipermail/users>
List-help: <mailto:[email protected]?subject=help>
List-id: Community support for Fedora users <users.lists.fedoraproject.org>
List-post: <mailto:[email protected]>
List-subscribe: <https://admin.fedoraproject.org/mailman/listinfo/users>, <mailto:[email protected]?subject=subscribe>
List-unsubscribe: <https://admin.fedoraproject.org/mailman/listinfo/users>, <mailto:[email protected]?subject=unsubscribe>
References: <4CA5D68F.5090205@xxxxxxxxx> <1285938958.28716.3.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <4CA5E3DA.5080401@xxxxxxxxx> <1286025112.16172.1.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Reply-to: Community support for Fedora users <users@xxxxxxxxxxxxxxxxxxxxxxx>
Sender: users-bounces@xxxxxxxxxxxxxxxxxxxxxxx

On Sat, Oct 2, 2010 at 9:11 PM, Tim <ignored_mailbox@xxxxxxxxxxxx> wrote:

On Fri, 2010-10-01 at 19:06 +0530, Jatin K wrote:
> what is the perfect way
>
> only host.allow or host.deny file
>
> or only iptables ??

One could argue that this is no "perfect" way. And that multiple
efforts to protect yourself is the best way.

Personally, I'd deny all, and just allow the known address. Then do the
same with the firewall rule. Though, I wouldn't allow telnet, at all.
Are you sure you need it?

--
[tim@localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored. I
read messages from the public lists.

--

users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Big agree with this. It's called defence in depth. However every security decision must be made while considering the trade-offs. Tradeoffs are the possible negative affects of having such strong security, and the most common one is having the security you implemented turn against it's purpose, blocking authorised and identified users.

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

References:
- Allow telnet to only one IP using host.deny or host.allow
  - From: Jatin K
- Re: Allow telnet to only one IP using host.deny or host.allow
  - From: Tim
- Re: Allow telnet to only one IP using host.deny or host.allow
  - From: Jatin K
- Re: Allow telnet to only one IP using host.deny or host.allow
  - From: Tim

Prev by Date: Re: Fedora SMP and 12 core cpu's
Next by Date: Re: Converting ext4 to xfs
Previous by thread: Re: Allow telnet to only one IP using host.deny or host.allow
Next by thread: Re: Allow telnet to only one IP using host.deny or host.allow
Index(es):
- Date
- Thread

[Index of Archives] [Current Fedora Users] [Fedora Desktop] [Fedora SELinux] [Yosemite News] [Yosemite Photos] [KDE Users] [Fedora Tools] [Fedora Docs]

Powered by Linux