[arch-general] [arch-dev-public] dropping tcp_wrapper support
Thomas Bächler
thomas at archlinux.org
Sat Jul 16 13:46:41 EDT 2011
Am 16.07.2011 19:41, schrieb Andrea Scarpino:
> On 16 July 2011 19:32, Vic Demuzere <vic at demuzere.be> wrote:
>> So, you're saying that those 4 lines are easier than the 2 short ones
>> in hosts.allow? Ah well, I'll have to learn to write iptables scripts
>> then, I suppose.
> I mean its more intuitive in that way, you've more power on what is
> accepted and what isn't.; e.g. you can apply filters only to one
> interface.
>
> Why you should write an iptables script?
>
> BTW, sorry "-A INPUT -j REJECT" blocks everything then have to be at
> the last line, and not at first!
You shouldn't do it like this. Look at
/etc/iptables/simple_firewall.rules for a simple and non-broken template.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.archlinux.org/pipermail/arch-general/attachments/20110716/03baacd4/attachment-0001.asc>
More information about the arch-general
mailing list