Maybe it's time to get rid of tcpwrappers/tcpd?

Reindl Harald h.reindl at thelounge.net
Fri Mar 21 00:02:22 UTC 2014



Am 21.03.2014 01:00, schrieb Lennart Poettering:
> On Thu, 20.03.14 13:44, Stephen John Smoogen (smooge at gmail.com) wrote:
> 
>>> Well, all mails servers as well as sshd have much better ways to do
>>> such filtering. sshd has "Match",  Postfix for example has
>>> "smtpd_client_restrictions=", and so on.
>>>
>> And now I need to have X number applications special syntax to
>> whitelist/blacklist a site. I need to change X files to make that change.
>> Each of those could be a separate change control process depending on the
>> size of the organization. Or I have 1 file that I can make a change to
>> which has usually one syntax and one set of reviews.
> 
> Well, if you filter in postfix or ssh, then you have a domain-specific,
> powerful language there. You can not only match on source addresses, but
> also on user names, groups, authentication methods, connection features
> SASL schemes, crypto algorithms

what has this to do with "I have 1 file that I can make a change to
which has usually one syntax and one set of reviews"?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 246 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20140321/c45e496b/attachment.sig>


More information about the devel mailing list