10-20-2003
Michael Heiming
 
Re: TCP wrappers and iptables

Ravi <rg27@cse.buffalo.edu> wrote:
[..]
> On a Redhat Linux 9 machine do services controlled by xinetd check
> hosts.allow and hosts.deny before or after iptables? Why are TCP
> wrappers needed when iptables exist and are enabled?


Security is like an onion, the more trays, the better. Iptables and
tcp_wrapper have nothing in common, despite the ability to allow/deny
access to services. Usually a packet will go through iptables before
tcp_wrappers, so if your firewall fails for whatever reason, you still
have tcp_wrapper. If possible I'd use both.

Good luck

--
Michael Heiming

Remove +SIGNS and www. if you expect an answer, sorry for
inconvenience, but I get tons of SPAM
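The layering described in the post above, as an added example that is not part of the original post: a small Python model in which a connection must pass a simplified iptables-style INPUT chain and then the hosts.allow / hosts.deny check. The rule sets, the addresses, the `in.telnetd` service on port 23 and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample policy (assumption, not from the post):
# telnet via xinetd is limited to 192.168.1.0/24 at both layers.
HOSTS_ALLOW = [("in.telnetd", "192.168.1.")]   # hosts.allow: in.telnetd: 192.168.1.
HOSTS_DENY = [("ALL", "ALL")]                  # hosts.deny:  ALL: ALL
IPTABLES_INPUT = [("192.168.1.0/24", 23, "ACCEPT")]  # simplified INPUT chain

def iptables_verdict(rules, policy, src, dport):
    """First matching rule wins; otherwise the chain policy applies."""
    for net, port, target in rules:
        if port == dport and ipaddress.ip_address(src) in ipaddress.ip_network(net):
            return target
    return policy

def _client_matches(pattern, src):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):        # hosts_access(5) address-prefix form
        return src.startswith(pattern)
    return src == pattern

def _listed(rules, daemon, src):
    return any(d in ("ALL", daemon) and _client_matches(p, src) for d, p in rules)

def wrappers_allows(allow, deny, daemon, src):
    """hosts_access(5) order: a hosts.allow match grants access, then a
    hosts.deny match refuses it, and anything unmatched is granted."""
    if _listed(allow, daemon, src):
        return True
    if _listed(deny, daemon, src):
        return False
    return True

def connection_allowed(fw_rules, fw_policy, src, dport, daemon):
    # Layer 1: packet filter. Layer 2: tcp_wrappers check for the service.
    if iptables_verdict(fw_rules, fw_policy, src, dport) != "ACCEPT":
        return False
    return wrappers_allows(HOSTS_ALLOW, HOSTS_DENY, daemon, src)

if __name__ == "__main__":
    outside = "203.0.113.5"
    print("firewall intact :", connection_allowed(IPTABLES_INPUT, "DROP", outside, 23, "in.telnetd"))
    # Firewall flushed and left with policy ACCEPT: only tcp_wrappers remains.
    print("firewall flushed:", connection_allowed([], "ACCEPT", outside, 23, "in.telnetd"))
```

Both calls print `False` for the outside address; in the second one the refusal comes from hosts.deny alone.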