On Sat, Oct 2, 2010 at 9:11 PM, Tim ignored_mailbox@yahoo.com.au wrote:
On Fri, 2010-10-01 at 19:06 +0530, Jatin K wrote:
what is the perfect way
only host.allow or host.deny file
or only iptables ??
One could argue that this is no "perfect" way. And that multiple efforts to protect yourself is the best way.
Personally, I'd deny all, and just allow the known address. Then do the same with the firewall rule. Though, I wouldn't allow telnet, at all. Are you sure you need it?
-- [tim@localhost ~]$ uname -r 2.6.27.25-78.2.56.fc9.i686
Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists.
-- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Big agree with this. It's called defence in depth. However every security decision must be made while considering the trade-offs. Tradeoffs are the possible negative affects of having such strong security, and the most common one is having the security you implemented turn against it's purpose, blocking authorised and identified users.