What is the difference between securing a linux box using hosts.[allow|deny] vs iptables?

Solution 1:

IPTables works at the Kernel level. In general this means it has no knowledge of applications or processes. It can only filter based on what it gets from the various packet headers for the most part.

The hosts.allow/deny files, however, operate on the application/process level. You can create rules for various processes or daemons running on the system.

So for example IPTables can filter on port 22. SSH can be configured to use this port and generally is, but it can also be configured to be on a different port. IPTables does not know which port it is on; it only knows about the port in the TCP header. The hosts.allow file, however, can be configured for certain daemons such as the OpenSSH daemon.

If you have to choose, I would generally opt for IPTables at a minimum. I view hosts.allow as a nice bonus. Even though the daemon level seems easier, IPTables will block the packet before it really even gets very far. With security, the sooner you can block something the better. However, I am sure there are situations that change this choice.
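The port-versus-daemon distinction in the answer, as an added simulation (not part of the original post, and not netfilter or tcp_wrappers code): a toy port-based packet filter and a toy hosts.allow/hosts.deny evaluator are run against the same constructed policy, with sshd first on port 22 and then moved to 2222. The matching syntax is reduced to `daemon : client` with an IP, a CIDR, or `ALL`; real hosts_access(5) supports far more.

```python
import ipaddress

# Constructed sample policies. tcp_wrappers matching is simplified here to
# "daemon_list : client_list" lines with client = exact IP, CIDR, or ALL.
HOSTS_ALLOW = "sshd : 192.168.1.0/24\n"
HOSTS_DENY = "ALL : ALL\n"
# iptables-style INPUT rules as (proto, dport, source net, target); chain policy ACCEPT.
IPTABLES_INPUT = [
    ("tcp", 22, "192.168.1.0/24", "ACCEPT"),
    ("tcp", 22, "0.0.0.0/0", "DROP"),
]

def _parse_wrappers(text):
    """Turn hosts.allow/hosts.deny text into (daemon_names, client_patterns) tuples."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        daemons, clients = line.split(":", 1)
        rules.append(([d.strip() for d in daemons.split(",")],
                      [c.strip() for c in clients.split(",")]))
    return rules

def _client_matches(pattern, ip):
    return pattern == "ALL" or ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)

def wrappers_allows(daemon, client_ip, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """Application layer: the daemon passes its own name and the peer address.
    Order is hosts.allow, then hosts.deny; no match at all means allow."""
    for text, verdict in ((allow, True), (deny, False)):
        for daemons, clients in _parse_wrappers(text):
            if ("ALL" in daemons or daemon in daemons) and any(
                    _client_matches(c, client_ip) for c in clients):
                return verdict
    return True

def iptables_allows(proto, dport, src_ip, rules=IPTABLES_INPUT, policy="ACCEPT"):
    """Kernel layer: only header fields are visible; the first matching rule wins."""
    for r_proto, r_port, r_net, target in rules:
        if (r_proto, r_port) == (proto, dport) and \
                ipaddress.ip_address(src_ip) in ipaddress.ip_network(r_net, strict=False):
            return target == "ACCEPT"
    return policy == "ACCEPT"

def ssh_decision(src_ip, sshd_port):
    """(iptables verdict, tcp_wrappers verdict) for an SSH connection to sshd
    listening on sshd_port; only the first one changes when sshd leaves port 22."""
    return iptables_allows("tcp", sshd_port, src_ip), wrappers_allows("sshd", src_ip)
```

hosts.allow is only consulted by daemons that link libwrap or are started through tcpd/xinetd, and upstream OpenSSH removed libwrap support in 6.7, so on a current system the sshd half of this model may not exist at all unless the distribution patched it back in.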