More Ubuntu 16.04 network security with tcpwrappers, sysctl and nmap


It may be old school, tcpwrappers is deprecated in many OS. It’s easier than a firewall to make fast or temporary changes and most importantly provides redundancy. With tcpwrappers and a firewall, there is no single point of failure.

# vi /etc/hosts.allow

To prevent logs from growing out of control, configure logrotate.

# vi /etc/logrotate.d/tcpwrappers


To help harden your network from various attacks, add the following to the end of sysctl.conf, and be sure they are not uncommented elsewhere.

# vi /etc/sysctl.conf

Reload sysctl

# sysctl -p


To be able to scan your systems for vulnerabilities install nmap.

# apt -y install nmap

For documentation, refer to

In summary, there are many things you can do to add security to your Ubuntu Linux system, what we have covered so far in this series, are essentials. Be sure to see the other posts.