[PLUG] TCP Wrappers and IPs
Carla Schroder
carla at bratgrrl.com
Tue Feb 21 23:43:13 UTC 2006
On Tuesday 21 February 2006 07:46, Roderick A. Anderson wrote:
> Is there any benefit to having IP addresses in the hosts.deny and
> hosts.allow files in a sorted order?
>
> I'm running DenyHosts (http://denyhosts.sourceforge.net/) to cut down on
> the ssh attacks on several systems. The files are getting quite large.
> Since sshd has read them each time I figured sorted order would be a
> bit faster.
>
>
Ah, the original post. :) DenyHosts is quite nice, and a lot easier than
learning iptables. I don't think sorted order would gain much. Plain text
files are very fast for even old computers to read. If your hosts.deny and
hosts.allow files are so large that this would make a difference, I suggest
making your PURGE_DENY setting lower. Your hosts.deny file is the one that
should be big anyway, if your hosts.allow file is growing out of control I
would wonder what is going on.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Carla Schroder
check out my "Linux Cookbook", the ultimate Linux user's
and sysadmin's guide! http://www.oreilly.com/catalog/linuxckbk/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
More information about the PLUG
mailing list