[PLUG] IPtables internal port forwarding
m0gely
m0gely at gmail.com
Thu May 7 17:43:31 UTC 2009
Rich Shepard wrote:
> On Wed, 6 May 2009, m0gely wrote:
>
>> If you're using an up-to-date sshd, and employ good password practices,
>> what's the point of doing all this? Honest question.
>
> The firewall appliance replaced the old floppyfw that ran for years. It's
> silent, small, and works. The denyhosts is an addition to the
> /etc/hosts.allow and the sshd requirement for access only for those users in
> /etc/passwd. Didn't use that for years, but an extra layer doesn't hurt
> anything and has no overhead that I see.
Overhead exists in installation, setup, updating, and maintenance of
another service. Denyhosts has its own vulnerabilities from time to
time. More services create more attack vectors. This isn't a criticism.
I was just curious as to the reasons.
--
m0gely