gbonvehi,
I think there's a happy medium here not being addressed. When you say
Quote:
I'm running a machine to hold my web site, testing software, etc.
you should know that I'm doing some of the exact same things. Only certain applications use 'hosts.allow' and 'hosts.deny', or maybe it should more appropriately be stated that certain applications do not use those files for authentication. Specifically, Apache has its own access roster that can be configured to allow and deny access to its services.
Now, I don't know what FTP you use; however, the two I've used (proftp=past, vsftp=present) require an addition to hosts.allow along the lines of the following:
Code:
# format: [daemon] : [IP | netaddress/netmask | ALL] : allow
vsftpd : 22.33.44.55 : allow
proftpd : 22.33.44.0/255.255.255.0 : allow
# last resort when absolutely necessary:
vsftpd : ALL : allow
Now, that simply allows access to the service; further configuration is needed to allow specific login accounts (or general access if absolutely necessary).
One more comment I'd like to make: if you have an internal network and an external network, you can certainly restrict access via that criterion so that services available to your home/work are not necessarily available to the outside world. A simple
Code:
ALL : 192.168.X.X/255.255.255.0 : allow
will allow access to all services for anyone on your internal LAN (also anyone who's hacked into your internal LAN...); however, it will keep you from ripping your hair out in frustration when machines on a 'trusted' network are told no.
There's always a trade-off between security and capability, but it's very rarely all or nothing. If you'd like to seriously address security issues, you may wish to research a little more into what options are available.
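Added example, not part of the original post: a small Python checker that evaluates rules in the three-field form shown above for a given daemon and client address, and lists allow rules open to every client. It handles only `ALL`, single IPv4 addresses and `net/mask` patterns; the sample files, the `ALL : ALL` hosts.deny line and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample files. 192.168.1.0 stands in for the post's 192.168.X.X;
# the "ALL : ALL" hosts.deny line is an assumption, not something the post shows.
HOSTS_ALLOW = """\
vsftpd : 22.33.44.55 : allow
proftpd : 22.33.44.0/255.255.255.0 : allow
ALL : 192.168.1.0/255.255.255.0 : allow
"""
HOSTS_DENY = "ALL : ALL\n"

def parse(text, default):
    """Parse 'daemons : clients [: allow|deny]' lines (IPv4 only)."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        action = fields[2].lower() if len(fields) > 2 else default
        rules.append((daemons, clients, action))
    return rules

def client_matches(pattern, ip):
    if pattern == "ALL":
        return True
    if "/" in pattern:  # net/mask form, e.g. 22.33.44.0/255.255.255.0
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(ip) in net
    return pattern == ip

def decide(daemon, ip, allow_text, deny_text=""):
    """First matching rule wins: hosts.allow is read first, then hosts.deny."""
    rules = parse(allow_text, "allow") + parse(deny_text, "deny")
    for daemons, clients, action in rules:
        if ("ALL" in daemons or daemon in daemons) and any(
                client_matches(c, ip) for c in clients):
            return action
    return "allow"  # no match in either file: access is granted

def broad_rules(allow_text):
    """Allow rules whose client list contains ALL (worth a second look)."""
    return [(d, c) for d, c, a in parse(allow_text, "allow")
            if a == "allow" and "ALL" in c]

if __name__ == "__main__":
    for daemon, ip in [("vsftpd", "22.33.44.55"), ("sshd", "203.0.113.9")]:
        print(daemon, ip, decide(daemon, ip, HOSTS_ALLOW, HOSTS_DENY))
```

With no hosts.deny content, `decide` returns `allow` for clients that match nothing, which is why allow entries alone do not restrict a service.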