Fedora tcp_wrappers (missing) support for custom acl scripts, aclexec

Pasi Kärkkäinen pasik at iki.fi
Mon Jan 12 08:35:39 UTC 2015


On Mon, Jan 12, 2015 at 09:15:39AM +0100, Petr Lautrbach wrote:
> On 01/11/2015 09:22 PM, Pasi Kärkkäinen wrote:
> > Hello,
> > 
> > People who have their names in the Fedora tcp_wrappers changelog added to CC list..
> > 
> > Any comments about the below? Obviously aclexec feature would be useful for all services using tcpwrappers/libwrap (ftp,telnet,tftp,ident,nfs, and many others),
> > and thus very nice to have.
> > 
> 
> Hi
> 
> please file an RFE bug on tcp_wrappers. I'll try to use the Debian patch.
> I'm going to use the Debian patch adding tcpwrappers support in
> openssh-6.7p1 likewise.
>

OK, will do!


Thanks,

-- Pasi
 
> Petr
> 
> 
> > 
> > On Sat, Jan 10, 2015 at 12:16:38AM +0200, Pasi Kärkkäinen wrote:
> >> Hello,
> >>
> >> I recently noticed Debian/Ubuntu has had support for "aclexec" in tcp_wrappers via a custom patch since 2006,
> >> so you can do this in /etc/hosts.allow or hosts.deny:
> >>
> >> sshd: ALL: aclexec /usr/local/bin/sshfilter.sh %a
> >>
> >> If sshfilter.sh returns true, the access is allowed; if sshfilter.sh returns false, the access is denied.
> >> Very handy for integrating DNS RBLs and other IP databases etc.
> >>
> >> What do people feel about that? I'd like to see support for aclexec included in Fedora's tcp_wrappers package.
> >>
> >> I don't think there have been any upstream releases of tcp_wrappers in the near past,
> >> so that aclexec feature is not upstream.. but the patch that Debian/Ubuntu are using is available.
> >>
> >>
> >> Debian tcp_wrappers changelog:
> >> http://archive.debian.net/changelogs/pool/main/t/tcp-wrappers/tcp-wrappers_7.6.q-16/changelog
> >>
> >> "New patch aclexec: adds the aclexec command and its documentation." was added in 2006.
> >>
> >>
> >> Thanks,
> >>
> >> -- Pasi
> >>
> > 
> 
> 
> -- 
> Petr Lautrbach
> 
> 
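
An added example, not part of the thread and not taken from the Debian patch: one way to write the `sshfilter.sh` named in the `aclexec` rule quoted above, so that a DNS RBL listing turns into a false exit status. The zone `dnsbl.example.org`, the function names, the `LOOKUP` override and the use of `getent hosts` as resolver are assumptions of this example.

```shell
#!/bin/sh
# Filter for a rule such as:  sshd: ALL: aclexec /usr/local/bin/sshfilter.sh %a
# Exit status 0 (true) allows the connection, non-zero (false) denies it.
RBL_ZONE="${RBL_ZONE:-dnsbl.example.org}"   # placeholder zone (assumption)

# Accept only a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Build the DNSBL query name: 192.0.2.10 -> 10.2.0.192.<zone>
rbl_name() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    printf '%s.%s.%s.%s.%s\n' "$4" "$3" "$2" "$1" "$RBL_ZONE"
}

# Listed addresses resolve in the zone, unlisted ones do not. A resolver
# outage also looks "unlisted", so this check fails open on DNS failure.
# LOOKUP (hypothetical override) lets the logic be exercised offline.
rbl_listed() {
    ${LOOKUP:-getent hosts} "$(rbl_name "$1")" >/dev/null 2>&1
}

# Decision: return 0 to allow, 1 to deny.
sshfilter() {
    # Anything that is not plain IPv4 (IPv6, garbage) is denied here;
    # that is a policy choice of this example, adjust it for IPv6 clients.
    is_ipv4 "$1" || return 1
    if rbl_listed "$1"; then
        logger -t sshfilter "denied $1 (listed in $RBL_ZONE)" 2>/dev/null || :
        return 1
    fi
    return 0
}

# Act as the aclexec command only when called with an argument.
if [ "$#" -gt 0 ]; then
    sshfilter "$1"
    exit $?
fi
```

The script validates its argument before building the DNS name, so only digits and dots ever reach the resolver command.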



