Date: Mon, 28 May 2001 16:28:04 -0700
From: Doug Barton
To: Tony Wells
Cc: Lee Mark Mercado, freebsd-questions@FreeBSD.ORG
Subject: Re: blocking IPs

Tony Wells wrote:
>
> Someone mentioned off-list that /etc/hosts.allow might be easier for a
> newbie to set up, which I agree it is. The problem is it only controls
> access to services that are started by inetd.

That is not true on FreeBSD. At minimum it also allows control of the sshd that comes with the system.

A firewall is a better choice for overall security, but if all the ports you actually have open are available to be controlled by hosts.allow, IMO you're at least 80% there, and that is sufficient for most desktop users.

Doug