Educause Security Discussion mailing list archives

Re: IPtables versus Tcp_wrapper


From: Josh Richard <jrichar4 () D UMN EDU>
Date: Wed, 3 Mar 2010 17:01:11 -0600

On Wed, 2010-03-03 at 16:51 -0500, Kevin Wilcox wrote:

iptables drops packets at the kernel level. tcp_wrappers is less ideal
as you expose the service to higher levels of the OS.  Most individuals
on this list would recommend iptables over tcp_wrappers.

Or, as Adam suggested, use both. 

Sure.  

I find 'both' to be more of a support issue.  My recommendation given 1
choice is to use iptables over tcp_wrappers as you do not have to ensure
something is compiled against lib_wrap.  That is an easy assumption to
break in shared administrative environments.  

In any case, are we in agreement that given the choice of one or the
other, the preferred method would be iptables as it drops packets?


-josh
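
The libwrap dependency raised in this message can be checked per host. The following is an added example, not part of the original thread: a shell audit that reports which daemon binaries are dynamically linked against libwrap and will therefore consult hosts.allow / hosts.deny. The function names and the `LDD` override are assumptions of this example.

```shell
#!/bin/sh
# Added example: report which daemon binaries are dynamically linked against
# libwrap, i.e. which ones will actually consult hosts.allow / hosts.deny.
# LDD may be overridden (an assumption of this example, useful for testing);
# by default the real ldd is used.
LDD=${LDD:-ldd}

# Succeeds if ldd-style output on stdin lists libwrap as a dependency.
has_libwrap() {
    grep -Eq '(^|[[:space:]/])libwrap\.so(\.[0-9]+)*([[:space:]]|$)'
}

# Print "wrapped", "unwrapped" or "unknown" for one binary.
# "unknown" covers missing files and static binaries, where ldd fails and
# linkage cannot be determined this way.
wrap_status() {
    out=$($LDD "$1" 2>/dev/null) || { echo unknown; return; }
    if printf '%s\n' "$out" | has_libwrap; then
        echo wrapped
    else
        echo unwrapped
    fi
}

# One report line per binary; returns 1 if any binary is not "wrapped",
# so the audit can gate a configuration-management run.
audit_libwrap() {
    rc=0
    for bin in "$@"; do
        state=$(wrap_status "$bin")
        printf '%-10s %s\n' "$state" "$bin"
        [ "$state" = wrapped ] || rc=1
    done
    return $rc
}

# Usage: sh audit.sh /path/to/daemon [...]
if [ $# -gt 0 ]; then
    audit_libwrap "$@"
fi
```

A daemon reported as `unwrapped` ignores hosts.allow / hosts.deny entries unless it is started through `tcpd`, so a packet filter rule is the only control that applies to it.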
