Tom Horsley writes:
> On Tue, 15 Aug 2017 13:58:16 +0200 Jakub Jelen wrote:
>
> > Thank you for comments and constructive ideas.
>
> I certainly never understood why it existed at all, unless maybe it pre-dated having a firewall. It seems totally redundant to the firewall.
tcp_wrappers was useful. A long time ago. But in the modern age, Internet-facing apps need more sophisticated IP-based access checks. More than a simple accept/reject based on the IP address.
For a mail server, for example, receiving mail from the modern Internet requires a rate-limiting solution; or at the very least a limit on the maximum number of connections from an IP address range. Often I would leave a terminal window scrolling through my mail logs, and I see an attempted dictionary attack at least once an hour.
So, modern Internet-facing apps have to code their own connection filters, tailored for their specific use case. As such, given that they already implement IP address checks, they typically already support the meager functionality that tcp_wrappers implements itself, and they have no need for it.
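A sketch of the per-range connection limit and rate limit described in the message above, as an added example that is not part of the original post or of any mail server's code. The class name, the /24 and /64 bucket sizes and the thresholds are assumptions chosen for illustration; the addresses are constructed from documentation ranges.

```python
import ipaddress
from collections import defaultdict, deque

class PrefixLimiter:
    """Admission check keyed on the client's network range, not the single address."""

    def __init__(self, max_concurrent=3, max_per_window=5, window=60.0,
                 v4_prefix=24, v6_prefix=64):       # bucket sizes are assumptions
        self.max_concurrent = max_concurrent
        self.max_per_window = max_per_window
        self.window = window
        self.prefix = {4: v4_prefix, 6: v6_prefix}
        self.open = defaultdict(int)       # range -> currently open connections
        self.recent = defaultdict(deque)   # range -> timestamps of accepted connections

    def key(self, addr):
        ip = ipaddress.ip_address(addr)
        # Fold IPv4-mapped IPv6 (::ffff:a.b.c.d) into IPv4 so both forms share a bucket.
        if ip.version == 6 and ip.ipv4_mapped:
            ip = ip.ipv4_mapped
        return ipaddress.ip_network(f"{ip}/{self.prefix[ip.version]}", strict=False)

    def connect(self, addr, now):
        """Return 'accept', 'too_many_open' or 'rate_limited' for a new connection."""
        k = self.key(addr)
        q = self.recent[k]
        while q and now - q[0] >= self.window:   # expire entries outside the window
            q.popleft()
        if self.open[k] >= self.max_concurrent:
            return "too_many_open"
        if len(q) >= self.max_per_window:
            return "rate_limited"
        q.append(now)
        self.open[k] += 1
        return "accept"

    def disconnect(self, addr):
        k = self.key(addr)
        if self.open[k] > 0:
            self.open[k] -= 1

if __name__ == "__main__":
    lim = PrefixLimiter(max_concurrent=2, max_per_window=3)
    # Constructed sequence: three hosts in one /24 connect within two seconds.
    for t, src in enumerate(["192.0.2.10", "192.0.2.77", "192.0.2.200"]):
        print(t, src, lim.connect(src, now=float(t)))
```

A static allow/deny list of the kind tcp_wrappers offers has no equivalent of the `open` and `recent` state, which is what lets the third host in the same /24 be refused while an unrelated range is still served.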