By popular choice(dinesh's recommendation and one vote from Jtd ;-) ) , we kick off our first discussion on the files /etc/host.deny and /etc/host.allow (note the order in which i mention them..it has deep spiritual significance!) and their interaction with inetd/tcpd/xinetd. Mebbe some bacground will help before we dive right into the subject... There is one important file..called /etc/services, that lists all the services your box is offering to the outside world. By service, we're referring to ftp, telnet, rlogin(yikes!!), smtp etc.These services 'listen' for requests on standard ports. You can also have other services running on the so-called non-privileged ports(ports > 1024). Now, you wouldnt want anyone (mis)using these services on offer. By misuse we mean using a weakness in any service to break into your(or someone else's) machine.. There are different ways to disallow such use.Different strategies and different points at which you can stop the intruder. On your box,the first point is the kernel itself. All inbound and outbound packets have to pass the kernel.(Obviously, since the kernel contains the implementation of your 'lower layers') . Stop the bugger before he even reaches up the stack.If you choose to do this, then ipchains is your friend. Or, if u want simple to configure protection, your needs arent too great, and the traffic not high..you can implement TCP Wrappers.This is the tcp daemon (tcpd). Like the chocolate wrapper, it wraps and protects your services.How it does that, what are the advantages and disadvantages - i leave open to the next writer..:-) ..and the next..and the next..!!

regards, kishor

If Linux is not the solution, you have the wrong problem.

_________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com