On Tue, Mar 25, 2014 at 03:42:59AM +0100, Reindl Harald wrote:
> 3) The modern alternative suggested is a removal of the code and
> relying on the firewall
which is *not* layered security
Not alone, certainly. The suggestion, I think, would be that in most cases
you can get an equivalent layer through application-specific configuration,
and that plus host firewall plus network firewall (possibly both per subnet
and at the border) provides reasonable defense in depth.
I'm not personally saying that tcp_wrappers _can't_ provide another useful
layer in some situations; just trying to be fair to the argument.
Matthew Miller -- Fedora Project -- <mattdm(a)fedoraproject.org>