jkurik wrote:
[...]
https://fedoraproject.org/wiki/Changes/Deprecate_TCP_wrappers
TCP wrappers is a simple tool to block incoming connection on
application level. This was very useful 20 years ago, when there were
no firewalls in Linux. This is not the case for today and connection
filtering should be done in network level or completely in application
scope if it makes sense. [...]
Usefulness is in the eye of the beholder. It is certainly useful to
some people today, as a defence-in-depth measure if nothing else.
Another factor which has driven the deprecation of this package is
the
lack of any upstream community around it.
A simple finished piece of software does not require an upstream community.
Although the threats on networking communications increase, the
threat
coverage of this package has remained the same the last two decades,
suggesting that new threats are now being handled on different
components. [...]
This does not mean that the threats handled adequately by tcp-wrappers
are moot or irrelevant.
If despite objections like this, y'all were to go ahead and ditch
tcp-wrapper linked-in support, please at least request retention of
capability to wrap the servers with tcpd (or equivalent) ourselves.
- FChE