On Fri, 18 Aug 2017, Jason L Tibbitts III wrote:
Sadly I know how terrible tcp_wrappers is and so I know it needs to
go
away.
just because crows trying to protect their young will 'mob' a
hawk hunting to feed her young does not make the hawk
terrible; latest is not always greatest
I found the ranting toward wrappers unconvincing years ago -
- I remain unconvinced that it is terrible code
It's just unfortunate that there's no replacement for it
besides
firewalling, and dealing with the firewall is unfortunately so
complicated.
wrappers will invoke the resolver, and do PTR lookups, and so
can do:
- hostname based,
- domain related, and
- absent DNS information based blocking
I know of no way to do these tasks with the 'firewalld' code
-- Russ herrold