Hello, sorry if this was already posted.

Recently I learned how to use Linux 2.4 netfilter. Since it is a fairly complete IP tool (TCP, UDP, ICMP), capable of a wide set of matches (source IP, dest port, ...) and also able to LOG, it seemed to me that all hosts.{allow,deny} control through tcpd could be done by a convenient set of host-based (i.e. not in a firewall gateway) iptables rules. More than this, speed seems to be improved by eliminating inetd/tcpd latency.

I want to know if my point of view is right, or if there is any functionality that the hosts.{allow,deny} scheme provides which iptables can't. If it is true, I would like to know if there are plans to migrate the default security to host-based netfilter, or at least to provide some package capable of configuring host security in terms of iptables (say, through a script capable of translating hosts.{allow,deny} into iptables rules).

If this is a known old discussion, can someone point out some links on the subject to me?

Thank you,
Joao Assirati.
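The translator the poster asks about, as an added example that is not part of the original post and not code from any distribution package. It converts the address-based subset of hosts_access(5) syntax into iptables commands and reports every pattern it cannot express as a packet-filter rule. Assumptions, all hypothetical: the SERVICES table mapping tcpd daemon names to the ports inetd binds for them, the `tcpd-deny: ` LOG prefix, use of the `-m state --state NEW` match (present in 2.4 with ip_conntrack) so the rule fires once per connection attempt as tcpd does, and REJECT rather than DROP so a refused client sees a closed port. The sample hosts.allow and hosts.deny contents are constructed.

```python
"""Translate tcpd hosts.allow / hosts.deny rules into iptables commands.

Hypothetical helper written for this thread, not shipped by any package.
It handles the address-based subset of hosts_access(5) and reports the
rest as warnings instead of silently producing a weaker filter.
"""
import ipaddress
import re

# Assumed mapping of tcpd daemon names to the ports inetd binds for them.
SERVICES = {
    "sshd": ("tcp", 22),
    "in.telnetd": ("tcp", 23),
    "in.ftpd": ("tcp", 21),
    "in.tftpd": ("udp", 69),
}
LOG_PREFIX = "tcpd-deny: "   # assumed kernel log prefix for denied attempts


def client_to_match(pattern):
    """Return the iptables '-s' argument for a hosts_access client pattern,
    '' for ALL, or None when the pattern needs a hostname, identd or
    netgroup lookup that a packet filter cannot perform."""
    pattern = pattern.strip()
    if pattern == "ALL":
        return ""
    if "/" in pattern:                                  # net/mask form
        try:
            return "-s %s" % ipaddress.ip_network(pattern, strict=False)
        except ValueError:
            return None
    if re.fullmatch(r"(\d{1,3}\.){1,3}", pattern):      # prefix form, e.g. 10.0.
        octets = pattern.rstrip(".").split(".")
        bits = 8 * len(octets)
        octets += ["0"] * (4 - len(octets))
        return "-s %s/%d" % (".".join(octets), bits)
    try:                                                # single address
        return "-s %s" % ipaddress.ip_address(pattern)
    except ValueError:
        return None   # hostname, .domain, @netgroup, user@host, LOCAL, KNOWN, PARANOID


def translate_rule(line, action):
    """Translate one hosts.allow/hosts.deny line; returns (commands, warnings)."""
    commands, warnings = [], []
    body = line.split("#", 1)[0].strip()
    if not body:
        return commands, warnings
    fields = [f.strip() for f in body.split(":")]
    if len(fields) < 2:
        warnings.append("unparsable rule: %r" % line)
        return commands, warnings
    daemons, clients = fields[0], fields[1]
    if len(fields) > 2:
        if fields[2].upper() in ("ALLOW", "DENY"):      # extended syntax
            action = fields[2].upper()
        else:                                           # spawn, twist, setenv, ...
            warnings.append("option %r has no iptables equivalent: %r" % (fields[2], line))
            return commands, warnings
    if "EXCEPT" in daemons.split() or "EXCEPT" in clients.split():
        warnings.append("EXCEPT lists not translated: %r" % line)
        return commands, warnings
    svcs = list(SERVICES) if daemons == "ALL" else daemons.split()
    for svc in svcs:
        if svc not in SERVICES:
            warnings.append("unknown daemon %r, not translated" % svc)
            continue
        proto, port = SERVICES[svc]
        for client in clients.split():
            match = client_to_match(client)
            if match is None:
                warnings.append("client pattern %r needs a name/identd lookup; not translatable" % client)
                continue
            base = "iptables -A INPUT -p %s %s --dport %d -m state --state NEW" % (proto, match, port)
            base = " ".join(base.split())               # drop the gap left by an empty match
            if action == "ALLOW":
                commands.append(base + " -j ACCEPT")
            else:
                commands.append(base + ' -j LOG --log-prefix "%s"' % LOG_PREFIX)
                reject = "REJECT --reject-with tcp-reset" if proto == "tcp" else "REJECT"
                commands.append(base + " -j " + reject)
    return commands, warnings


def translate(hosts_allow, hosts_deny):
    """tcpd consults hosts.allow first, then hosts.deny, and allows when
    neither matches; so emit allow rules first, deny rules after them,
    and rely on the INPUT chain's default ACCEPT policy for the rest."""
    commands, warnings = [], []
    for text, action in ((hosts_allow, "ALLOW"), (hosts_deny, "DENY")):
        for line in text.splitlines():
            c, w = translate_rule(line, action)
            commands += c
            warnings += w
    return commands, warnings


# Constructed sample files for demonstration only.
SAMPLE_ALLOW = """\
# constructed /etc/hosts.allow
sshd: 192.168.1.0/255.255.255.0 10.0.
in.ftpd: 10.0.0.5
"""
SAMPLE_DENY = """\
# constructed /etc/hosts.deny
ALL: ALL
in.telnetd: .example.com : spawn /usr/bin/logger %h
"""

if __name__ == "__main__":
    cmds, warns = translate(SAMPLE_ALLOW, SAMPLE_DENY)
    print("\n".join(cmds))
    for w in warns:
        print("# WARNING:", w)
```

The warnings list is the honest answer to the poster's question: anything tcpd decides by reverse DNS (hostnames, `.domain` suffixes, PARANOID), by an identd query (`user@host`), by netgroup, or by running a command (`spawn`, `twist`) has no packet-filter equivalent, because netfilter only ever sees addresses, protocols and ports. Also note that iptables matches a port, not a service name, so the SERVICES table must track whatever inetd actually binds, and `EXCEPT` lists and backslash line continuation are deliberately left untranslated rather than guessed.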