Protocol Encapsulation

Mark Hummel mhummel at
Mon Aug 6 23:07:01 EST 2001

On Mon, 6 Aug 2001, Sam Couter wrote:

> Mark Hummel <mhummel at> wrote:
> > 
> Ah, then you want packet filtering or TCP wrappers.

Thanks, but I did know about TCP wrappers. Actually, Jeremy has suggested
just relying on hosts.allow and hosts.deny. I think that would sufficient. 
The only thing I was worried about was spoofing - a packet pretends to be
from one of the trusted machines...

> Packet filtering (firewalling):
> For a 2.2 kernel, look for stuff about ipchains.
> For a 2.4 kernel, look for stuff about iptables.
> Google is your friend.
> TCP wrappers:
> man hosts.allow and hosts.deny and tcpd. If your services are not running
> from inetd, you'll need to make sure they use libwrap. If they don't, you'll
> have to use packet filtering or use whatever access controls they provide
> themselves.
> Hope this helps.
> -- 
> Sam Couter          |   Internet Engineer   |
> sam at    |   tSA Consulting      |
> OpenPGP key ID:       DE89C75C,  available on key servers
> OpenPGP fingerprint:  A46B 9BB5 3148 7BEA 1F05  5BD5 8530 03AE DE89 C75C

More information about the linux mailing list