On Tue, Nov 18, 2003 at 08:51:58PM -0800, Jeff Lacki wrote: > > I would like to start rejecting specific hosts to my > machine without excluding others. > > What is the best way to do this? iptables? hosts.allow/deny? > Or more specifically in my httpd.conf for apache (in this > case its apache I want to deny access to but I would like > the list to be able to grow over time without much hassle > of editting it all over the httpd.conf file). > > I have iptables setup, but that seems a hassle to edit > each time (although Id be willing to do so). > > Seems to me hosts.allow (since allow is checked first > before denying the world in my case) would be the right place. > > Ideally Id like a text file to contain all the hosts, but > Im not too picky right now. I figured someone here must > be doing this already? "Defence in Depth" or "Layered Defence" is something that everybody should practice. That being said, setup both iptables and the host.access files to drop blacklisted hosts. Then if your top layer iptables rules get dropped for some reason, you still have some protection. -- Jack Bowling mailto: jbinpg@xxxxxxx -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
