[KLUG Members] smoothwall questions

Peter Buxton members@kalamazoolinux.org
Mon, 4 Aug 2003 21:35:55 -0400


On Mon, Aug 04, 2003 at 01:14:06PM +0200, Bert was only escaped
   alone to tell thee:

> I should do both. The most effective is to drop them in
> /etc/hosts.deny; you need a tcpwrapper running, although I have read
> an article lately that you should never run a wrapper on a firewall. I
> always used tcp-wrappers on my firewall.

Hmm. I think they say you shouldn't run a wrapper on a firewall because
your application shouldn't run on a firewall. If you need a proxy hole,
perhaps, if resources aren't a problem, you should try redirecting the
incoming connection to a second, internal proxy host.

Many of the tcpwrapper functions can and should be replaced by iptables
or the *BSD equivalent. The only thing I don't think you could easily
replace would be the PARANOID setting, where IP #'s and DNS names are
compared and matched.

-- 
-46
So you had better do as you are told
You better listen to the radio. -- E.Costello, 1977
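
Added example (not part of the original message): a sketch of the name/address comparison behind the PARANOID setting mentioned above, that is, a reverse lookup of the client address followed by a forward lookup that must return the same address. The function names, the sample DNS tables and the separate "unknown" result for hosts with no reverse name are assumptions of this example.

```python
import ipaddress
import socket


def system_reverse(ip):
    """PTR lookup through the system resolver; hostname or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # covers socket.herror and socket.gaierror
        return None


def system_forward(name):
    """A/AAAA lookup through the system resolver; set of address strings."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()


def paranoid_check(ip, reverse=system_reverse, forward=system_forward):
    """Classify a client address as 'match', 'mismatch' or 'unknown'."""
    addr = ipaddress.ip_address(ip)
    name = reverse(ip)
    if not name:
        return "unknown"  # no reverse name, nothing to compare
    forward_addrs = set()
    for text in forward(name):
        try:
            # Parse so that differently written IPv6 forms compare equal.
            forward_addrs.add(ipaddress.ip_address(text))
        except ValueError:
            continue  # skip anything the resolver returned that is not an address
    # The claimed name must resolve back to the connecting address.
    return "match" if addr in forward_addrs else "mismatch"


# Constructed sample DNS data (documentation address ranges), so this runs offline.
PTR = {"192.0.2.10": "mail.example.org",
       "198.51.100.7": "trusted.example.org",  # PTR claims a name it does not own
       "2001:db8::1": "v6.example.org"}
A = {"mail.example.org": {"192.0.2.10"},
     "trusted.example.org": {"203.0.113.5"},
     "v6.example.org": {"2001:0db8:0000:0000:0000:0000:0000:0001"}}


def sample_reverse(ip):
    return PTR.get(ip)


def sample_forward(name):
    return A.get(name, set())


if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.99", "2001:db8::1"):
        print(ip, paranoid_check(ip, sample_reverse, sample_forward))
```

A packet filter rule sees only addresses, so it cannot make this comparison without a resolver in the path.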