On 04/12/2012 02:32 PM, don fisher wrote:
> <snip>
> In the old days, there were files /etc/hosts.allow and /etc/hosts.deny. As I recall, they had something to do with tcpd. Do they serve any purpose with ipchains?
No, /etc/hosts.[allow|deny] are part of the tcpwrapper system and thus are in userspace (at the application level). Applications must be compiled and linked with tcpwrappers for it to work. In other words, it's "voluntary".

iptables is a kernel-level firewall. Packets have to get through iptables before they're even "passed up the food chain" to be seen by the tcpwrapper stuff. If iptables is active, then all network I/O goes through iptables regardless of what an individual application wants. If iptables denies a packet, then the upper level stuff won't even see the packet in the first place.

----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital    ricks@xxxxxxxxxxxxxx -
- AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
-                                                                    -
- "People tell me I look at the dark side.  That's not true.  I have -
-  the heart of a small boy......in a jar right here on my desk."    -
-                                         -- Stephen King            -
----------------------------------------------------------------------
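To see which daemons on a host actually consult /etc/hosts.allow and /etc/hosts.deny, one can check each binary for a dynamic dependency on libwrap. The script below is an added example, not part of the original message; the function names and the sample `readelf -d` output are constructed for illustration, and it assumes `readelf` (binutils) is installed.

```shell
#!/bin/sh
# Added example: report which binaries are dynamically linked against libwrap.
# A statically linked libwrap would not be detected by this check.

# Read `readelf -d` output on stdin; succeed if a NEEDED entry names libwrap.
needs_libwrap() {
    grep -Eq '\(NEEDED\).*\[libwrap\.so[^]]*\]'
}

# Classify one binary. Uses readelf rather than ldd, because ldd may invoke
# the target's loader and should not be pointed at untrusted files.
check_binary() {
    bin=$1
    if [ ! -r "$bin" ]; then
        echo "$bin: unreadable"
        return 2
    fi
    if readelf -d "$bin" 2>/dev/null | needs_libwrap; then
        echo "$bin: links libwrap, hosts.allow/hosts.deny are consulted"
    else
        echo "$bin: no libwrap dependency, the binary itself ignores hosts.allow/hosts.deny"
        return 1
    fi
}

# Constructed sample of `readelf -d` output for a libwrap-linked daemon.
sample_wrapped() {
    cat <<'EOF'
 0x0000000000000001 (NEEDED)   Shared library: [libwrap.so.0]
 0x0000000000000001 (NEEDED)   Shared library: [libc.so.6]
EOF
}

# Constructed sample for a daemon with no libwrap dependency.
sample_unwrapped() {
    cat <<'EOF'
 0x0000000000000001 (NEEDED)   Shared library: [libc.so.6]
 0x000000000000000e (SONAME)   Library soname: [libwrapper.so.1]
EOF
}

# Usage: sh check_libwrap.sh /usr/sbin/sshd /usr/sbin/vsftpd ...
for b in "$@"; do
    check_binary "$b" || true
done
```

A service reported as having no libwrap dependency is protected only by the packet filter unless it is launched through a wrapper such as tcpd.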