Educause Security Discussion mailing list archives
Re: IPtables versus Tcp_wrapper
From: Josh Richard <jrichar4 () D UMN EDU>
Date: Wed, 3 Mar 2010 17:01:11 -0600
On Wed, 2010-03-03 at 16:51 -0500, Kevin Wilcox wrote:
iptables drops packets at the kernel level. tcp_wrappers is lessidealas you expose the service to higher levels of the OS. Mostindividualson this list would recommend iptables over tcp_wrappers.Or, as Adam suggested, use both.
Sure. I find 'both' to be more of a support issue. My recommendation given 1 choice is use iptables over tcp_wrappers as you do not have to ensure something is compiled against lib_wrap. That is an easy assumption to break in shared administrative environments. In any case, are we in agreement that given the choice of one or the other, the preferred method would be iptables as it drops packets? -josh
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- IPtables versus Tcp_wrapper Griese, Steven A. (Mar 03)
- <Possible follow-ups>
- Re: IPtables versus Tcp_wrapper Adam Garside (Mar 03)
- Re: IPtables versus Tcp_wrapper Josh Richard (Mar 03)
- Re: IPtables versus Tcp_wrapper Kevin Wilcox (Mar 03)
- Re: IPtables versus Tcp_wrapper Josh Richard (Mar 03)
- Re: IPtables versus Tcp_wrapper Adam Garside (Mar 03)
- Re: IPtables versus Tcp_wrapper Kevin Wilcox (Mar 04)
- Re: IPtables versus Tcp_wrapper Valdis Kletnieks (Mar 04)
- Re: IPtables versus Tcp_wrapper Josh Richard (Mar 04)
- Re: IPtables versus Tcp_wrapper Valdis Kletnieks (Mar 04)
- Re: IPtables versus Tcp_wrapper Josh Richard (Mar 04)