Educause Security Discussion mailing list archives

Re: IPtables versus Tcp_wrapper

From: Adam Garside <Adam.Garside () CPCC EDU>
Date: Wed, 3 Mar 2010 18:20:22 -0500

In any case, are we in agreement that given the choice of one or the
other, the preferred method would be iptables as it drops packets?



Given the choice of one or the other, I would use iptables. I still  
believe the use of both is preferrable as tcpwrappers provides an  
independant layer of security in case a kernel bug allows the firewall  
policy to be bypassed.

Also, as mentioned in a previous post, I second the use of OSSEC as a  
good, lightweight HIDS.

Adam

Current thread:

IPtables versus Tcp_wrapper Griese, Steven A. (Mar 03)
- <Possible follow-ups>
- Re: IPtables versus Tcp_wrapper Adam Garside (Mar 03)
- Re: IPtables versus Tcp_wrapper Josh Richard (Mar 03)
- Re: IPtables versus Tcp_wrapper Kevin Wilcox (Mar 03)
- Re: IPtables versus Tcp_wrapper Josh Richard (Mar 03)
- Re: IPtables versus Tcp_wrapper Adam Garside (Mar 03)
- Re: IPtables versus Tcp_wrapper Kevin Wilcox (Mar 04)
- Re: IPtables versus Tcp_wrapper Valdis Kletnieks (Mar 04)
- Re: IPtables versus Tcp_wrapper Josh Richard (Mar 04)
- Re: IPtables versus Tcp_wrapper Valdis Kletnieks (Mar 04)
- Re: IPtables versus Tcp_wrapper Josh Richard (Mar 04)