[PLUG] Time server broken...

Eric Harrison eharrison at mail.mesd.k12.or.us
Mon Feb 16 20:00:03 UTC 2004


On Mon, 16 Feb 2004, Jeme A Brelin wrote:

>
>On Mon, 16 Feb 2004, Paul Johnson wrote:
>> On Mon, Feb 16, 2004 at 01:07:55AM -0800, Darkhorse wrote:
>> > If I filter with iptables, aren't tcp wrappers
>> > redundant?
>>
>> No, don't put all your eggs in one basket.
>
>As I believe Mark Twain once wrote, "Put all your eggs in one basket...
>AND WATCH THAT BASKET!"

Good thing Mark Twain was not a sys admin ;-)

>iptables can do everything tcpwrappers do if you write the rules
>carefully.

And if you apply the same restrictions with two different pieces of
software, a security bug in one of them is likely to be stopped by
the other. Or, in the case that you did not write your iptables
rules "carefully", there is a chance that your tcpwrappers config
will be correct.

Defense in depth is your friend.

-Eric
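
The argument in this reply, modelled as an added example (not part of the original post or the thread). The `sshd` service on port 22, the addresses and the deliberately sloppy iptables rule are constructed assumptions, and both layers are simplified to one chain and to prefix-style client patterns.

```python
import ipaddress

# Constructed sample configuration (assumed; not from the thread).
# Layer 1: simplified iptables INPUT chain. First match wins, then the policy.
# The rule is deliberately sloppy: 10.0.0.0/8 was written where
# 10.1.2.0/24 was intended.
IPTABLES_RULES = [("10.0.0.0/8", 22, "ACCEPT")]
IPTABLES_POLICY = "DROP"

# Layer 2: tcp wrappers, as (daemon, client) pairs from hosts.allow/hosts.deny.
HOSTS_ALLOW = [("sshd", "10.1.2.")]  # trailing dot = address prefix match
HOSTS_DENY = [("ALL", "ALL")]


def iptables_permits(src, dport):
    """Return True if the packet filter layer accepts src on dport."""
    addr = ipaddress.ip_address(src)
    for net, port, target in IPTABLES_RULES:
        if port == dport and addr in ipaddress.ip_network(net):
            return target == "ACCEPT"
    return IPTABLES_POLICY == "ACCEPT"


def _wrapper_match(rules, daemon, src):
    """Return True if any (daemon, client) pair matches this connection."""
    for rule_daemon, client in rules:
        if rule_daemon not in ("ALL", daemon):
            continue
        if client == "ALL" or (client.endswith(".") and src.startswith(client)):
            return True
    return False


def wrappers_permit(daemon, src):
    """hosts_access order: a hosts.allow match grants, then a hosts.deny
    match denies, and no match in either file grants."""
    if _wrapper_match(HOSTS_ALLOW, daemon, src):
        return True
    return not _wrapper_match(HOSTS_DENY, daemon, src)


def connection_allowed(src, daemon, dport):
    """The service only sees the client if both layers let it through."""
    return iptables_permits(src, dport) and wrappers_permit(daemon, src)


if __name__ == "__main__":
    for src in ("10.1.2.7", "10.9.9.9", "192.0.2.5"):
        print(src, iptables_permits(src, 22), wrappers_permit("sshd", src),
              connection_allowed(src, "sshd", 22))
```

The host 10.9.9.9 passes the over-broad iptables rule but is refused by the wrappers layer, which is the case the reply describes.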




