[TriLUG] Fedora Core Firewall configurator and /etc/hosts.allow (deny)
Matt Frye
mattfrye at gmail.com
Tue Oct 26 23:32:39 EDT 2004
> > Am I correct in assuming that the GUI configurator that runs during
> > install for the firewall setup puts its information in the
> > /etc/hosts.allow and hosts.deny files, or are these files just another
> > level of security to protect my box from unwanted connections?
> >
>
> hosts.allow/deny are used for protecting services on a per-service basis.
> The configurator modifies /etc/sysconfig/iptables.
Yes, true. /etc/hosts.allow and /etc/hosts.deny are to configure TCP
wrappers, which filter on a socket level. iptables filters at the
kernel level.
Incidentally, it's widely held that TCP wrappers are vulnerable to
fragment-based attacks, IP spoofing, etc. I find TCP wrappers useful
for test boxes and systems where a lot of applications move in and out,
and I'm logged in fairly often. Iptables is much more granular and I
would use it on systems that don't change too much.
MPF
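
Added example (not part of the original message): a simplified Python model of the per-service lookup order documented in hosts_access(5), where hosts.allow is consulted first, then hosts.deny, and access is granted when neither matches. The rule text and addresses are constructed samples, and only the ALL, prefix, net/mask and exact IPv4 client forms are handled.

```python
import ipaddress

# Constructed sample rules, in "daemon_list : client_list" form.
HOSTS_ALLOW = """
sshd: 192.168.1.
vsftpd: 10.0.0.0/255.255.255.0
"""
HOSTS_DENY = """
sshd: ALL
"""

def client_matches(pattern, ip):
    """Match one client pattern against a dotted-quad IPv4 address."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):          # prefix form, e.g. "192.168.1."
        return ip.startswith(pattern)
    if "/" in pattern:                 # net/mask form
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(ip) in net
    return pattern == ip               # exact address

def first_match(rules, daemon, ip):
    """True if any rule line names this daemon and matches this client."""
    for line in rules.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        daemons, clients = [f.replace(",", " ").split()
                            for f in line.split(":")[:2]]
        if ("ALL" in daemons or daemon in daemons) and \
                any(client_matches(c, ip) for c in clients):
            return True
    return False

def tcpd_decision(allow, deny, daemon, ip):
    """hosts.allow wins, then hosts.deny; no match in either means allow."""
    if first_match(allow, daemon, ip):
        return "allow"
    if first_match(deny, daemon, ip):
        return "deny"
    return "allow"

if __name__ == "__main__":
    for daemon, ip in [("sshd", "192.168.1.20"), ("sshd", "203.0.113.7"),
                       ("vsftpd", "203.0.113.7")]:
        print(daemon, ip, tcpd_decision(HOSTS_ALLOW, HOSTS_DENY, daemon, ip))
```

The last case is allowed because no hosts.deny line names vsftpd; a catch-all `ALL: ALL` line in hosts.deny closes that default. These files only affect services that are built against libwrap or started through tcpd.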