Re: best place to reject host(s)?

On Tue, Nov 18, 2003 at 08:51:58PM -0800, Jeff Lacki wrote:
> 
> I would like to start rejecting specific hosts to my
> machine without excluding others.
> 
> What is the best way to do this?  iptables?  hosts.allow/deny?
> Or more specifically in my httpd.conf for Apache (in this
> case it's Apache I want to deny access to but I would like
> the list to be able to grow over time without much hassle
> of editing it all over the httpd.conf file).
> 
> I have iptables set up, but that seems a hassle to edit
> each time (although I'd be willing to do so).
> 
> Seems to me hosts.allow (since allow is checked first
> before denying the world in my case) would be the right place.
> 
> Ideally I'd like a text file to contain all the hosts, but
> I'm not too picky right now.  I figured someone here must
> be doing this already?

"Defence in Depth" or "Layered Defence" is something that everybody
should practice. That being said, set up both iptables and the
host.access files to drop blacklisted hosts. Then if your top layer
iptables rules get dropped for some reason, you still have some
protection.

-- 
Jack Bowling
mailto: jbinpg@xxxxxxx
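
The two-layer setup suggested in the reply, driven from the single text file the question asks for, as an added example that is not part of the original thread. The file format (one IPv4 address per line, `#` comments), the `BLOCKLIST` chain name and the sample addresses are assumptions.

```shell
# Added example, not from the thread. Assumed blocklist format: one IPv4
# address per line, '#' starts a comment. Sample addresses are constructed.

# Succeed only for a well-formed dotted-quad IPv4 address, so nothing else
# from the file can reach a firewall rule or hosts.deny.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*|*.*.*.*.*) return 1 ;;
        *.*.*.*) ;;
        *) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs   # split into four octets
    for octet in "$@"; do
        case $octet in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the valid, de-duplicated entries of blocklist file $1; warn on the rest.
read_blocklist() {
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')
        [ -n "$line" ] || continue
        if valid_ipv4 "$line"; then printf '%s\n' "$line"
        else printf 'skipping invalid entry: %s\n' "$line" >&2; fi
    done < "$1" | sort -u
}

# Layer 1: iptables-restore fragment with the drops in their own chain.
# Load with `iptables-restore --noflush`; INPUT needs a jump to BLOCKLIST.
render_iptables() {
    printf '%s\n' '*filter' ':BLOCKLIST - [0:0]'
    read_blocklist "$1" | while read -r ip; do
        printf '%s\n' "-A BLOCKLIST -s $ip -j DROP"
    done
    printf '%s\n' 'COMMIT'
}

# Layer 2: hosts.deny lines; only services using TCP wrappers honour them.
render_hosts_deny() {
    read_blocklist "$1" | while read -r ip; do printf 'ALL: %s\n' "$ip"; done
}

# Constructed sample file contents (documentation-range addresses).
sample_blocklist() {
    printf '%s\n' '# web scrapers' '192.0.2.10' \
        '198.51.100.7   # repeat offender' '192.0.2.10' \
        '203.0.113.999' 'not-an-address'
}
```

Both outputs come from the same file, so adding a host means editing one line and regenerating both layers.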

