Linux - Security
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
I'm starting to look at securing my Slackware box. I've got a basic understanding of hosts.allow/hosts.deny and I'm reading iptables tutorials (so far they make sense).
What I don't understand is the relationship between these two security systems. Should I be restricting traffic with hosts.(allow|deny), or should I be using iptables, or both? What are the implications of using both - is it possible to set up contradictions where traffic is allowed under the hosts files and denied under iptables, etc.?
Can someone explain this or point me to a web page which compares the two systems?
hosts.allow and hosts.deny are part of tcpwrappers, which is a framework that any application can be hooked into to abstract IP security to it. This way a service listening on a port can do its own security via an external library without having to reimplement it from scratch.
iptables sits within the kernel, not the user land, and will block traffic reaching that service port in the first place. If you block port 22 access in iptables then the netfilter hooks in the kernel will never let that traffic connect to the ssh daemon on port 22. If you do not block it, and instead restrict with tcpwrappers, then ssh receives the actual data and then refers to hosts.allow etc... and then drops it there.
iptables is your firewall, tcpwrappers is your permissions... something like that. Additionally, many applications are not built with tcpwrappers support so cannot benefit from its functionality, whereas iptables and netfilter sit in front of the services so will always see that traffic regardless of what is or isn't sitting behind it.
I would just look at them as different layers of security. If your requirements are fixed and simple (e.g. only allow connections to FTP from local network), then set up iptables and hosts.* the same way so you have 2 layers of protection. If one of them fails for some reason, you still have the other one to protect you.
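The layering both replies describe, as an added example that is not from the thread: a small Python model of the two decision paths (netfilter first-match rules, then hosts.allow/hosts.deny) that shows how the question's "contradiction" case plays out and what happens for a daemon without libwrap support. The policy, the daemon names and the CIDR client patterns are constructed, and the tcpd pattern matching is deliberately simplified.

```python
import ipaddress

# Constructed sample policy (not from the thread): only the local network may
# reach sshd on port 22, expressed in both layers as the second reply advises.
IPTABLES_INPUT = [("192.168.1.0/24", 22, "ACCEPT"),   # INPUT chain, first match wins
                  ("0.0.0.0/0", 22, "DROP")]
IPTABLES_POLICY = "ACCEPT"                            # chain policy if nothing matches
HOSTS_ALLOW = [("sshd", "192.168.1.0/24")]            # (daemon, client) lines
HOSTS_DENY = [("ALL", "ALL")]

def _client_matches(pattern, src_ip):
    # Simplified client pattern: ALL or a CIDR network (real tcpd also takes
    # hostnames, net/mask and EXCEPT clauses, which this model leaves out).
    if pattern in ("ALL", "0.0.0.0/0"):
        return True
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(pattern, strict=False)

def iptables_decision(src_ip, port):
    # Kernel-side verdict: rules top to bottom, then the chain policy.
    for net, rule_port, target in IPTABLES_INPUT:
        if rule_port == port and _client_matches(net, src_ip):
            return target
    return IPTABLES_POLICY

def wrappers_decision(daemon, src_ip):
    # tcpd order: hosts.allow first, then hosts.deny; matching neither means allow.
    for d, client in HOSTS_ALLOW:
        if d in ("ALL", daemon) and _client_matches(client, src_ip):
            return "ALLOW"
    for d, client in HOSTS_DENY:
        if d in ("ALL", daemon) and _client_matches(client, src_ip):
            return "DENY"
    return "ALLOW"

def effective_decision(src_ip, port, daemon, daemon_uses_libwrap=True):
    # Layer order from the first reply: netfilter sees the packet first; tcpd
    # only runs if the packet reached a daemon that was built with libwrap.
    fw = iptables_decision(src_ip, port)
    if fw != "ACCEPT":
        return {"iptables": fw, "tcpwrappers": "not consulted", "result": "blocked"}
    if not daemon_uses_libwrap:
        return {"iptables": fw, "tcpwrappers": "not supported", "result": "allowed"}
    tw = wrappers_decision(daemon, src_ip)
    return {"iptables": fw, "tcpwrappers": tw,
            "result": "allowed" if tw == "ALLOW" else "blocked"}
```

A mismatch can only ever widen exposure in one direction: a connection iptables accepts but the hosts files deny is still blocked, while a connection the hosts files would allow never reaches them if iptables drops it.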