Maybe it's time to get rid of tcpwrappers/tcpd?
Reindl Harald
h.reindl at thelounge.net
Fri Mar 21 19:04:43 UTC 2014
Am 21.03.2014 20:02, schrieb Florian Weimer:
> * Lennart Poettering:
>
>>> So offer something with equivalent functionality (and config file
>>> syntax compatibility), with a nice modern clean API and then systemd
>>> and others can be moved over to that 1 by 1, and once we've no more
>>> users left we can kill of the old beast ?
>>
>> Nope. In systemd we already support one subsystem for filtering just
>> fine, it's called a firewall.
>
> Does this subsystem support DNS-based rules?
and even if it does you do *not* want dns-resolution based
on packets instead connections - guess how many users would
make the mistake resulting in a selfDOS
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 246 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20140321/cdaae292/attachment.sig>
More information about the devel
mailing list