From: "Per Jessen"
Bruce Marshall wrote:
Isn't it true that hosts.deny will only be used when someone has gotten by your firewall?
Yes, that is correct.
For non-public services I would personally go for deny all, then allow individual services and/or networks. For public services, I wouldn't bother with blocking e.g. IP-ranges, but instead secure those services against attacks.
Thanks Per, that's what I've done. It's just annoying seeing all the apnic IP attempts at getting in. So far no one had gotten in, but I want to stop them from knocking on the door. Rejecting the most notorious IP's seemed like a logical protection to put in place.... -- David C. Rankin, J.D., P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 (936) 715-9333 www.rankinlawfirm.com -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.394 / Virus Database: 268.8.4/364 - Release Date: 6/14/06 -- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com