Fedora tcp_wrappers (missing) support for custom acl scripts, aclexec

Pasi Kärkkäinen pasik at iki.fi
Fri Jan 9 22:16:38 UTC 2015


Hello,

I recently noticed Debian/Ubuntu has had support for "aclexec" in tcp_wrappers via a custom patch since 2006,
so you can do this in /etc/hosts.allow or hosts.deny:

sshd: ALL: aclexec /usr/local/bin/sshfilter.sh %a

If sshfilter.sh returns true the access is allowed; if sshfilter.sh returns false the access is denied.
Very handy for integrating DNS RBLs and other IP databases etc.

What do people feel about that? I'd like to see support for aclexec included in Fedora's tcp_wrappers package.

I don't think there have been any upstream releases of tcp_wrappers in the near past,
so that aclexec feature is not upstream, but the patch that Debian/Ubuntu are using is available.


Debian tcp_wrappers changelog:
http://archive.debian.net/changelogs/pool/main/t/tcp-wrappers/tcp-wrappers_7.6.q-16/changelog

"New patch aclexec: adds the aclexec command and its documentation." was added in 2006.


Thanks,

-- Pasi
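
A possible sshfilter.sh for the hosts.allow rule in the message, as an added example that is not part of the original post or of the Debian patch: it looks the client address up in a DNS RBL and sets the exit status that aclexec acts on. The zone rbl.example.org, the function names and the fail-open policy are assumptions of this example.

```sh
#!/bin/sh
# Added example of an aclexec filter: exit 0 allows, non-zero denies.
# RBL_ZONE is a placeholder; set it to the DNSBL zone you actually use.
RBL_ZONE="${RBL_ZONE:-rbl.example.org}"

# Print the octets of a strict dotted-quad IPv4 address in reverse order.
# Returns 1 for anything else, so nothing unvalidated reaches the DNS query.
reverse_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s\n' "$4" "$3" "$2" "$1"
}

# True when the name resolves. Kept separate so it can be stubbed offline.
rbl_lookup() {
    getent hosts "$1" >/dev/null 2>&1
}

# Decide on one client address (the %a expansion from hosts.allow).
sshfilter() {
    # Policy choice of this example: non-IPv4 input (e.g. IPv6) is not
    # checked and is allowed, so the filter cannot lock out such clients.
    query=$(reverse_ipv4 "$1") || return 0
    if rbl_lookup "$query.$RBL_ZONE"; then
        logger -t sshfilter "denied $1: listed in $RBL_ZONE" 2>/dev/null || true
        return 1
    fi
    # Not listed, or the lookup failed: allow (fails open on DNS outage).
    return 0
}

# Act as the filter only when called with an address argument.
if [ "$#" -gt 0 ]; then
    sshfilter "$1"
    exit $?
fi
```

DNSBLs following RFC 5782 list 127.0.0.2 as a permanent test entry, so running the script with that address confirms the deny path before the rule is relied on.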


