[PLUG] IPtables internal port forwarding

m0gely m0gely at gmail.com
Thu May 7 17:43:31 UTC 2009


Rich Shepard wrote:
> On Wed, 6 May 2009, m0gely wrote:
> 
>> If you're using an up-to-date sshd, and employ good password practices,
>> what's the point of doing all this? Honest question.
> 
>    The firewall appliance replaced the old floppyfw that ran for years. It's
> silent, small, and works. The denyhosts is an addition to the
> /etc/hosts.allow and the sshd requirement for access only for those users in
> /etc/passwd. Didn't use that for years, but an extra layer doesn't hurt
> anything and has no overhead that I see.

Overhead exists in installation, setup, updating, and maintenance of 
another service. Denyhosts has its own vulnerabilities from time to 
time. More services create more attack vectors. This isn't a criticism. 
I was just curious as to the reasons.

-- 
m0gely


