Agenda for Fedora Server WG Meeting (2014-03-25)
Matthew Miller
mattdm at fedoraproject.org
Tue Mar 25 11:04:54 UTC 2014
On Tue, Mar 25, 2014 at 03:42:59AM +0100, Reindl Harald wrote:
> > 3) The modern alternative suggested is a removal of the code and just
> > relying on the firewall
> which is *not* layered security
> http://www.spinics.net/lists/fedora-devel/msg196606.html
Not alone, certainly. The suggestion, I think, would be that in most cases
you can get an equivalent layer through application-specific configuration,
and that plus host firewall plus network firewall (possibly both per subnet
and at the border) provides reasonable defense in depth.
I'm not personally saying that tcp_wrappers _can't_ provide another useful
layer in some situations; just trying to be fair to the argument.
--
Matthew Miller -- Fedora Project -- <mattdm at fedoraproject.org>
More information about the server
mailing list