16 Jul
2011
16 Jul
'11
10:02 p.m.
On 16-07-2011 18:13, Andrea Scarpino wrote:
Technically this is what we did: without tcp_wrappers every input is accepted now.
I'd say that if not using iptables most input was already being accepted anyway so not supporting tcp_wrappers at all will make users more aware of what is allowed in.
You've to setup iptables to deny all input and accept only what you need. I never used iptables before, but now I find its syntax really simple, and powerful.
And while you are at it you might want to consider restricting the allowed outbound ip/ports for good measure ;) -- Mauro Santos