iptables versus hosts denied

John Summerfield debian at herakles.homelinux.org
Fri Oct 19 01:31:30 UTC 2007


Guy Fraser wrote:

> I would tend to concur with this method.
> 
> Use iptables to block those you wish to absolutely block, and
> use 'hosts.allow' to track all activity that is allowed through
> iptables. As an example I allow some connections through the 
> firewall for ssh access, but then use additional restrictions 

I do similarly: I allow unrestricted access from places (in Australia) I 
know I might use. I rate-limit access from other places, to prevent 
password enumeration.

I also run a VPN (OpenVPN) from my laptop for those times I get caught 
out (and for better access to home and work).

> in 'hosts.allow' and log all successful as well as unsuccessful 
> access attempts. I have a system that checks the logs and filters 
> out normal activity, then emails all other activity for analysis.
> 
> As someone once said, divide then conquer.
> 


-- 

Cheers
John

Please do not reply off-list
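
The log review described in the quoted text (filter out normal activity, pass everything else on for analysis), as an added example that is not part of either poster's message or system. It assumes OpenSSH-style syslog lines and a trusted network of 203.0.113.0/24; the names and the sample log lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Assumption: sources considered "normal" (a documentation range stands in).
TRUSTED = [ipaddress.ip_network("203.0.113.0/24")]

# Assumption: OpenSSH-style messages; adjust the pattern to your daemon.
EVENT = re.compile(
    r"sshd\[\d+\]: (?:(?P<what>Accepted|Failed) \S+ for (?:invalid user )?\S+"
    r"|(?P<refused>refused connect)) from (?P<ip>[0-9a-fA-F.:]+)"
)

# Constructed sample log lines, not taken from a real system.
SAMPLE = """\
Oct 18 09:12:01 gw sshd[2101]: Accepted publickey for john from 203.0.113.5 port 51234 ssh2
Oct 18 09:40:17 gw sshd[2140]: Failed password for invalid user admin from 198.51.100.7 port 4022 ssh2
Oct 18 09:40:19 gw sshd[2141]: Failed password for root from 198.51.100.7 port 4031 ssh2
Oct 18 10:02:44 gw sshd[2177]: Accepted password for john from 192.0.2.44 port 40100 ssh2
Oct 18 10:05:00 gw sshd[2180]: refused connect from 198.51.100.99
Oct 18 10:06:00 gw cron[2200]: (root) CMD (run-parts /etc/cron.hourly)
""".splitlines()

def is_trusted(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # unparseable source is never "normal"
    return any(addr in net for net in TRUSTED)

def triage(lines):
    """Return (ip, kind) -> count for every access event that is not normal."""
    unusual = Counter()
    for line in lines:
        m = EVENT.search(line)
        if not m:
            continue  # not an ssh access event
        ip = m.group("ip")
        if m.group("refused"):
            unusual[(ip, "refused")] += 1          # denied by the wrapper rules
        elif m.group("what") == "Failed":
            unusual[(ip, "failed")] += 1           # reported even if trusted
        elif not is_trusted(ip):
            unusual[(ip, "accepted-untrusted")] += 1
    return unusual

def report(unusual):
    return "\n".join(f"{ip} {kind} x{n}" for (ip, kind), n in sorted(unusual.items()))

if __name__ == "__main__":
    print(report(triage(SAMPLE)))
```

The report text is what would go into the mail body; a successful login from a trusted network is the only event dropped as normal.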