From owner-freebsd-questions Wed Feb 14 9:23:59 2001 Delivered-To: freebsd-questions@freebsd.org Received: from trinity.lee.net (trinity.lee.net [208.229.121.1]) by hub.freebsd.org (Postfix) with ESMTP id 379D237B401 for ; Wed, 14 Feb 2001 09:23:55 -0800 (PST) Received: from journalstar.com (leepcD-096.sub-d.lee.net [208.205.127.96]) by trinity.lee.net (8.9.3/8.9.3) with ESMTP id LAA28237; Wed, 14 Feb 2001 11:23:45 -0600 Message-ID: <3A8ABEFE.26D0AFF7@journalstar.com> Date: Wed, 14 Feb 2001 11:23:10 -0600 From: Tony Wells X-Mailer: Mozilla 4.76 [en] (X11; U; Linux 2.0.36 i386) X-Accept-Language: en MIME-Version: 1.0 To: Raymond Brighenti Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Which would be better hosts.allow or IPFirewall? References: <5.0.2.1.2.20010214130011.00aefb60@mail.webfront.net.au> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG TCP wrappers only affects services started through inetd. If you want control access to other services, say a database or such, you need to use a firewall. You don't need to have a dedicated firewall box, you can filter packets right on the host machine. There is a good article in the FreeBSD handbook on IPFirewall. Raymond Brighenti wrote: > > Hi, > > I'm in the process of setting up a few FreeBSD machines that will be > sitting on the Internet. > I'd like to limit access the IP addresses and ports of these machines but > currently putting them behind a dedicated firewall box is not an option. > > So in this situation does enabling/using IPFirewall just for the local > machine make it better/secure than hosts.allow? > > Thanks > > Ray > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message