Maybe it's time to get rid of tcpwrappers/tcpd?
Philip Prindeville
philipp_subx at redfish-solutions.com
Thu Mar 20 21:39:56 UTC 2014
On Mar 20, 2014, at 12:31 PM, Martin Langhoff <martin.langhoff at gmail.com> wrote:
> On Thu, Mar 20, 2014 at 1:34 PM, Lennart Poettering <mzerqung at 0pointer.de> wrote:
> I wonder whether it wouldn't be time to say goodbye to tcpwrappers in
> Fedora. There has been a request in systemd upstream to disable support
>
> As Stephen points out, they are used. Does systemd+xinetd match their functionality?
>
> cheers,
>
>
> m
I have to say that there are certain out-of-the-box services that it’s nice to be able to block access at the application-level, which would be hard to do at the transport or network layer.
RPC-based services being the most obvious, but also things like FTP or TFTP or VNC or X that don’t always have port numbers that are easily expressed… Then there’s filtering on DNS hostname suffixes, etc… NIS+ membership...
I’m fine with seeing systemd being decoupled from them, but I’d like to see legacy services continue to work with tcpwrappers (libwrap).
-Philip
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20140320/e65117d4/attachment.html>
More information about the devel
mailing list