iptables versus hosts denied
John Summerfield
debian at herakles.homelinux.org
Fri Oct 19 01:31:30 UTC 2007
Guy Fraser wrote:
> I would tend to concur with this method.
>
> Use iptables to block those you wish to absolutely block, and
> use 'hosts.allow' to track all activity that is allowed through
> iptables. As an example I allow some connections through the
> firewall for ssh access, but then use additional restrictions

I do similarly: I allow unrestricted access from places (in Australia) I
know I might use. I rate-limit access from other places, to prevent
password enumeration.

I also run a VPN (OpenVPN) from my laptop for those times I get caught
out (and for better access to home and work).

> in 'hosts.allow' and log all successful as well as unsuccessful
> access attempts. I have a system that checks the logs and filters
> out normal activity, then emails all other activity for analysis.
>
> As someone once said, divide then conquer.
>
--
Cheers
John
Please do not reply off-list
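
The log check described in the quoted text (drop normal activity, pass everything else on for analysis) could look like the following. This is an added example, not code from either poster; the trusted networks, host name and sample syslog lines are constructed, and the message formats assume OpenSSH with tcp_wrappers logging to syslog.

```python
import ipaddress
import re
from collections import Counter

# Assumption: networks you normally log in from (documentation ranges, constructed).
TRUSTED = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "10.8.0.0/24")]

PATTERNS = [  # sshd / tcp_wrappers syslog messages this filter understands
    ("accepted", re.compile(r"sshd\[\d+\]: Accepted \S+ for \S+ from (?P<ip>\S+)")),
    ("failed", re.compile(
        r"sshd\[\d+\]: Failed \S+ for (?:invalid user )?\S+ from (?P<ip>\S+)")),
    ("refused", re.compile(r"sshd\[\d+\]: refused connect from \S+ \((?P<ip>[^)]+)\)")),
]

def classify(line):
    """Return (kind, source_ip) for a tracked sshd line, else None."""
    for kind, rx in PATTERNS:
        m = rx.search(line)
        if m:
            return kind, m.group("ip")
    return None

def is_trusted(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:  # unparsable source is never treated as trusted
        return False
    return any(addr in net for net in TRUSTED)

def triage(lines):
    """Drop normal activity; return (lines to report, failures per source)."""
    report, failures = [], Counter()
    for line in lines:
        hit = classify(line)
        if hit is None:
            continue  # not an sshd event this filter tracks
        kind, ip = hit
        if kind == "accepted" and is_trusted(ip):
            continue  # normal: successful login from a known network
        if kind != "accepted":
            failures[ip] += 1
        report.append(line)
    return report, failures

SAMPLE = [  # constructed log lines
    "Oct 19 01:02:11 gw sshd[2101]: Accepted publickey for john from 203.0.113.20 port 50122 ssh2",
    "Oct 19 01:05:40 gw sshd[2140]: Failed password for invalid user admin from 198.51.100.7 port 40111 ssh2",
    "Oct 19 01:05:43 gw sshd[2142]: Failed password for root from 198.51.100.7 port 40115 ssh2",
    "Oct 19 01:09:02 gw sshd[2170]: Accepted password for john from 192.0.2.55 port 33100 ssh2",
    "Oct 19 01:12:30 gw sshd[2188]: refused connect from 198.51.100.99 (198.51.100.99)",
    "Oct 19 01:15:00 gw crond[2200]: (root) CMD (run-parts /etc/cron.hourly)",
]
```

A successful login from outside the trusted networks is reported even though it succeeded, since it got through the rate limit with valid credentials.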