As the title states, I have a linux box. As far as I can tell I can use hosts.allow / hosts.deny or iptables to secure. What's the difference? Is there another mechanism that can be used?
IPTables works at the Kernel level. In general this means it has no knowledge of applications or processes. It can only filter based on what it gets from the various packet headers for the most part.
The host.allow/deny however operates on the application/process level. You can create rules for various processes or daemons running on the system.
So for example IPTables can filter on port 22. SSH can be configured to use this port and generally is, but it can also be configured to be on a different port. IPTables does not know which port it is on, it only knows about the port in the TCP header. The hosts.allow files however can be configured for certain daemons such as the openssh daemon.
If you have to chose I would generally opt for at a minimum IPTables. I view the hosts.allow as a nice bonus. Even thought it seems like the daemon levels seems easier IPTables will block the packet before it really even gets very far. With security the sooner you can block something the better. However, I am sure there are situations however that change this choice.Tweet