
I'm in the middle of securing an OSX server that is the target of hundreds of automated requests per second from Chinese, Russian and US servers (see: Recovering a server from being an open relay).

I've used ipfw to set up rules that exclude all but local IP requests (i.e. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16).

What is the difference between setting up ipfw rules, and implementing similar rules in hosts.allow/hosts.deny?

As I understand it, the hosts files affect tcp-wrapped services (so may not be as holistic as ipfw). Would that also mean that they come after the firewall (so no point in using both)?

1 Answer


The files hosts.allow and hosts.deny are, so to say, deprecated. They are mainly used for tcp-wrapper and may be used by other services or applications. But whether they are used depends on the implementation of the program.

Using a firewall is the preferred method because their rules are based on IPs, ports and other criteria. The firewall is independent of the application listening on the IP/port and therefore always catches the traffic.

And yes, the hosts.* files are effective after the firewall. That said, you do not need them.

Nathan
  • 107
mailq
  • 17,251
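The two points the answer makes (the firewall sees every packet regardless of which program is listening, while hosts.allow/hosts.deny are only consulted by tcp-wrapped services, and only after the firewall has already let the packet through) can be made concrete with a small model of both mechanisms. The following is an added example, not code from the question or answer: it embeds a constructed ipfw-style rule list that mirrors the asker's "local ranges only" policy, a constructed hosts.allow/hosts.deny pair, and a hypothetical port-to-daemon map standing in for which services on the box are actually linked against libwrap. The evaluator follows the documented hosts_access(5) order (hosts.allow first, then hosts.deny, otherwise allow) and the ipfw first-match order; it supports ALL, CIDR, net/netmask and trailing-dot prefix client patterns, but not hostnames, EXCEPT or shell commands.

```python
import ipaddress

# Constructed ipfw-style rule set (hypothetical, mirroring "allow only RFC 1918
# sources, deny everything else"). Like ipfw, the lowest-numbered matching rule wins.
FIREWALL_RULES = [
    (100, "allow", "10.0.0.0/8"),
    (110, "allow", "172.16.0.0/12"),
    (120, "allow", "192.168.0.0/16"),
    (65000, "deny", "0.0.0.0/0"),
]

# Constructed hosts.allow / hosts.deny contents (hypothetical).
HOSTS_ALLOW = """
# sshd and sendmail may be reached from the private ranges only
sshd, sendmail : 10.0.0.0/255.0.0.0, 172.16.0.0/12, 192.168.
"""
HOSTS_DENY = """
ALL : ALL
"""

# Hypothetical map of listening port -> daemon name, for services that are
# actually tcp-wrapped. Anything not listed here never consults the hosts.* files.
WRAPPED_SERVICES = {22: "sshd", 25: "sendmail"}


def firewall_verdict(client_ip, rules=FIREWALL_RULES):
    """First-match evaluation of the packet filter; independent of the service."""
    ip = ipaddress.ip_address(client_ip)
    for _number, action, network in sorted(rules):
        if ip in ipaddress.ip_network(network):
            return action
    return "allow"  # models ipfw's implicit final rule on OS X ("allow ip from any to any")


def _client_pattern_matches(pattern, ip):
    """One client_list token from hosts_access(5): ALL, CIDR, net/mask, prefix, or exact IP."""
    pattern = pattern.strip()
    if pattern == "ALL":
        return True
    if pattern.endswith("."):  # "192.168." matches any address beginning with that string
        return str(ip).startswith(pattern)
    if "/" in pattern:  # "10.0.0.0/255.0.0.0" or "172.16.0.0/12" both parse here
        return ip in ipaddress.ip_network(pattern, strict=False)
    return ip == ipaddress.ip_address(pattern)


def _file_matches(contents, daemon, ip):
    """True if any 'daemon_list : client_list' line in the file covers this daemon and client."""
    for line in contents.splitlines():
        line = line.split("#", 1)[0].strip()  # strip comments and blank lines
        if not line:
            continue
        daemons, clients = (part.strip() for part in line.split(":", 1))
        daemon_list = [d.strip() for d in daemons.split(",")]
        if "ALL" not in daemon_list and daemon not in daemon_list:
            continue
        if any(_client_pattern_matches(c, ip) for c in clients.split(",")):
            return True
    return False


def wrappers_verdict(client_ip, port, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts_access(5) order: hosts.allow grants, else hosts.deny refuses, else grant."""
    daemon = WRAPPED_SERVICES.get(port)
    if daemon is None:
        return "not consulted"  # unwrapped listener: the files have no effect at all
    ip = ipaddress.ip_address(client_ip)
    if _file_matches(allow, daemon, ip):
        return "allow"
    if _file_matches(deny, daemon, ip):
        return "deny"
    return "allow"


def effective_verdict(client_ip, port):
    """The firewall is evaluated first; tcp-wrappers only see what it lets through."""
    if firewall_verdict(client_ip) == "deny":
        return "deny (firewall)"
    if wrappers_verdict(client_ip, port) == "deny":
        return "deny (tcp-wrappers)"
    return "allow"


if __name__ == "__main__":
    # Constructed sample connections: a documentation-range "external" source and a LAN host.
    for client, port in [("203.0.113.5", 25), ("203.0.113.5", 8080), ("192.168.1.10", 22)]:
        print(f"{client:>14} -> port {port:<5} firewall={firewall_verdict(client):<5} "
              f"wrappers={wrappers_verdict(client, port):<13} effective={effective_verdict(client, port)}")
```

The port 8080 case is the one that answers the question: with only hosts.* in place, an unwrapped listener on that port would accept the external connection because the files are never consulted, whereas the ipfw rule catches it regardless of what is listening. Running the wrappers evaluator with the firewall removed (call `wrappers_verdict` directly) shows exactly which connections the files alone would stop.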