Fedora tcp_wrappers (missing) support for custom acl scripts, aclexec

Pasi Kärkkäinen pasik at iki.fi
Fri Jan 9 22:57:22 UTC 2015


On Fri, Jan 09, 2015 at 11:47:52PM +0100, Michael Stahl wrote:
> On 09.01.2015 23:16, Pasi Kärkkäinen wrote:
> > Hello,
> > 
> > I recently noticed Debian/Ubuntu has had support for "aclexec" in tcp_wrappers via a custom patch since 2006,
> > so you can do this in /etc/hosts.allow or hosts.deny:
> > 
> > sshd: ALL: aclexec /usr/local/bin/sshfilter.sh %a
> > 
> > if sshfilter.sh returns true the access is allowed, if sshfilter.sh returns false the access is denied.
> > Very handy for integrating DNS RBLs and other IP databases etc.
> > 
> > What do people feel about that? I'd like to see support for aclexec included in Fedora's tcp_wrappers package.
> 
> seems a bit pointless to add this now considering this bit from the
> OpenSSH 6.7 release notes:
> 
> http://lwn.net/Articles/615173/
> 
> * sshd(8): Support for tcpwrappers/libwrap has been removed.
> 

Right.. I wasn't aware of that. Why on earth did they remove tcpwrappers support :(
Do you know what was the reasoning behind that? 

Then again tcpwrappers "aclexec" can be used for other services as well, not just openssh..


-- Pasi
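
Added example, not part of the original message or of the Debian patch: a minimal `sshfilter.sh` of the kind the quoted `hosts.allow` line would call, checking the `%a` address against a DNS blocklist. The zone `dnsbl.example.org`, the function names, and the policy of denying anything that is not a well-formed IPv4 address are assumptions of this example.

```shell
#!/bin/sh
# Added example of an aclexec filter script (not the one from the thread).
# Exit status 0 allows the connection, non-zero denies it.

RBL_ZONE="${RBL_ZONE:-dnsbl.example.org}"  # placeholder zone (assumption)

# Print the DNSBL query name for a dotted-quad IPv4 address; fail unless the
# argument is exactly four decimal octets in 0..255 (nothing else reaches DNS).
rbl_query_name() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s.%s\n' "$4" "$3" "$2" "$1" "$RBL_ZONE"
}

# Resolver hook: succeeds when the query name resolves (address is listed).
# getent cannot tell "not listed" from a resolver failure, so this example
# fails open when DNS is unavailable.
rbl_lookup() {
    getent hosts "$1" >/dev/null 2>&1
}

# Decide on one client address: 0 = allow, 1 = deny.
sshfilter() {
    name=$(rbl_query_name "$1") || return 1   # malformed or non-IPv4: deny
    if rbl_lookup "$name"; then
        logger -t sshfilter "deny $1: listed in $RBL_ZONE" 2>/dev/null || true
        return 1
    fi
    return 0
}

# Run as a script only when an address argument is given (aclexec passes %a).
if [ "$#" -gt 0 ]; then
    sshfilter "$1"
    exit $?
fi
```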