So I'm reading my book (I've been more than slacking on this!) and I got to a part saying:
/etc/hosts.deny | vsftpd: ALL
/etc/hosts.allow | vsftpd: 192.168.1.10, 192.168.1.102
"Be aware that hosts.deny is read and applied first, followed by hosts.allow. That means any directive in hosts.allow trumps any conflicting directive in hosts.deny. If an unauthorized host tries to connect, the request fails."
It's probably because I've been around other filtering methods but the context seems wrong to me.
1) If hosts.deny is read first AND the /etc/hosts.deny is written to deny everything - wouldn't everything be denied?
So in theory:
A packet comes from 192.168.1.10. It's read by hosts.deny (after all, it's read first). The packet is dropped (its filter marks ALL). That's it. /etc/hosts.allow will never get a chance to say "Whoa boy, simmer down!"
With that said:
"Any directive in hosts.allow trumps any conflicting directive in hosts.deny"
Hosts.allow will overrule hosts.deny checking.
Am I reading this correctly?
If yes: Why is /etc/hosts.deny read first, prior to allowing service access?
It seems inefficient to not use /etc/hosts.allow first, and then have /etc/hosts.deny read second.
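As an added illustration (not from the original post or the book being quoted), here is a small Python model of the order hosts_access(5) actually uses: a (daemon, client) pair is checked against hosts.allow first, then against hosts.deny, and a pair matching neither file is granted. The two sample files are constructed from the configuration quoted above; the client matching (ALL, exact address, dotted prefix, CIDR) is a simplification of the real syntax and does not implement EXCEPT or shell commands.

```python
"""Minimal model of TCP Wrappers (hosts_access(5)) evaluation order."""
import ipaddress

# Constructed sample files mirroring the question's configuration.
HOSTS_ALLOW = "vsftpd: 192.168.1.10, 192.168.1.102\n"
HOSTS_DENY = "vsftpd: ALL\n"


def parse_rules(text):
    """Return [(daemon_list, client_list)] from 'daemons : clients' lines.

    Comments and blank lines are skipped; a third ': shell_command' field,
    if present, is ignored. EXCEPT lists are not modelled (simplification).
    """
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        daemons, clients = fields[0], fields[1]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules


def client_matches(pattern, addr):
    """ALL, exact IPv4 address, dotted prefix ('192.168.1.') or CIDR."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):
        return addr.startswith(pattern)
    if "/" in pattern:
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
    return addr == pattern


def rule_matches(rule, daemon, addr):
    daemons, clients = rule
    return (any(d in ("ALL", daemon) for d in daemons)
            and any(client_matches(c, addr) for c in clients))


def hosts_access(daemon, addr, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """Return (granted, deciding_source) following hosts_access(5) order."""
    if any(rule_matches(r, daemon, addr) for r in parse_rules(allow_text)):
        return True, "hosts.allow"   # first match in hosts.allow grants
    if any(rule_matches(r, daemon, addr) for r in parse_rules(deny_text)):
        return False, "hosts.deny"   # otherwise first match in hosts.deny denies
    return True, "default"           # no match in either file: access granted
```

Note the third outcome: with the quoted files, a daemon other than vsftpd is granted by default, which is why a catch-all "ALL: ALL" in hosts.deny is the usual companion to a whitelist in hosts.allow.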