Host protection in the past was typically performed with application
layer checks on the originating IP or hostname. This was (and still is)
frequently accomplished with libwrap, which verifies whether or not to
allow a connection based on the contents of the system wide
Host protection is one part of protecting a host, by preventing inbound packets from reaching higher layers. This is no substitute for tight application layer security. Strong network and host-level packet filters mitigate a host's exposure when it is connected to a network.
Example 7.1. Blocking a destination and using the
target, cf. Example D.17, “Adding a
prohibit route with route