24 Jul
2008
24 Jul
'08
12:24 a.m.
On Wed, 23 Jul 2008 19:05:13 +0200 Edgar Fuß wrote:
Why this? I do this with iptables. Hm. Mainly because I find hosts.{allow,deny} easier to handle in this case than (i)pf.conf. It's also somewhat more staightforward to maintain a single pair of hosts.* files consistent accross all mail servers than to deal with individual packet filter rules. And, if you like to, you can do more elaborate things with tcp wrappers than what I mentioned (and currently need).
I maintain the iptables configuration(s) (on Fedora in /etc/sysconfig/iptables) across machines using scp or rsync. No problem.
--Frank Elsner