Regarding ip_deny perhaps what was meant was the hosts.deny and hosts.allow files. These only relate to tcpwrappers, the tcpd or inetd daemons which can control port access. I personally think such "super" daemons are dangerous and do not run them at all. One process, inetd, or similar, has the ability to open any or all ports, seems like a great possible target to compromise a system. Using hosts.deny is not equivalent to the iptables, which will drop packets at the firewall, I think Tyler's intention is a good one, better than deny by the tcpwrapper process. > I don't have an ip.deny file
