On Fri, 18 Aug 2017, Jason L Tibbitts III wrote:
> Sadly I know how terrible tcp_wrappers is and so I know it needs to go away.
just because crows trying to protect their young will 'mob' a hawk hunting to feed her young does not make the hawk terrible; latest is not always greatest
I found the ranting toward wrappers unconvincing years ago -- I remain unconvinced that it is terrible code
> It's just unfortunate that there's no replacement for it besides firewalling, and dealing with the firewall is unfortunately so complicated.
wrappers will invoke the resolver, and do PTR lookups, and so can do:
 - hostname based,
 - domain related, and
 - absent DNS information based blocking
I know of no way to do these tasks with the 'firewalld' code
-- Russ herrold
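
The three kinds of blocking named in the message above, as an added example that is not part of the original post and is not tcp_wrappers source code: a simplified Python model of hosts_access(5) client-name patterns (a hostname, a leading-dot domain, UNKNOWN, PARANOID). The function names are hypothetical, address patterns are left out, and the DNS data is constructed to stand in for the resolver.

```python
# Constructed resolver data (documentation address ranges); a real daemon
# would query DNS where these dictionaries are consulted.
PTR = {"192.0.2.10": "mail.example.org",
       "192.0.2.20": "host.bad.example.net",
       "198.51.100.7": "spoof.example.org"}   # 203.0.113.5 has no PTR record
A = {"mail.example.org": {"192.0.2.10"},
     "host.bad.example.net": {"192.0.2.20"},
     "spoof.example.org": {"198.51.100.99"}}  # forward lookup disagrees

def client_name(addr):
    """Return (name, verified): the PTR name and whether a forward lookup confirms it."""
    name = PTR.get(addr)
    if name is None:
        return None, False
    return name, addr in A.get(name, set())

def matches(pattern, addr):
    """Match one hosts_access(5)-style client pattern against a client address."""
    name, verified = client_name(addr)
    if pattern == "ALL":
        return True
    if pattern == "UNKNOWN":        # absent DNS information
        return name is None
    if pattern == "PARANOID":       # PTR name does not map back to the address
        return name is not None and not verified
    if name is None or not verified:
        return False                # an unverified name never satisfies a name pattern
    if pattern.startswith("."):     # domain related: suffix match on the name
        return name.lower().endswith(pattern.lower())
    return name.lower() == pattern.lower()   # hostname based

def denied(deny_patterns, addr):
    """True when any pattern in a hosts.deny-style list matches the client."""
    return any(matches(p, addr) for p in deny_patterns)

DENY = [".bad.example.net", "UNKNOWN", "PARANOID"]   # constructed policy

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "198.51.100.7", "203.0.113.5"):
        print(ip, client_name(ip)[0], "denied" if denied(DENY, ip) else "allowed")
```

A packet filter that matches on addresses alone never performs the lookups modelled by `client_name`, which is the gap the message describes.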