IMO, the whole tcp_wrappers thingy is getting kinda silly. People call it a 'cleaner way of controlling/limiting connections'. I strongly disagree, in the sense that You actually have to implent it in the daemon you're using it against, in most cases breaking good socketing practice and protocol rules. (The socket is opened - and then closed immediately?) I know I'm going off topic, but I'm just wondering - Is there ANYTHING at all tcp_wrappers can do - that a well tuned firewall can't? bjorn > -----Original Message----- > From: arch-general-bounces@xxxxxxxxxxxxx > [mailto:arch-general-bounces@xxxxxxxxxxxxx] On Behalf Of RedShift > Sent: 14. oktober 2008 20:03 > To: General Discusson about Arch Linux > Subject: Re: [arch-general] bftp & denyhosts > > Sergey Manucharian wrote: > > On Mon, 13 Oct 2008 17:04:54 +0000 > > "Jon Kristian Nilsen" <jokr.nilsen@xxxxxxxxx> wrote: > > > >> Is ther any reason you are using bftp, instead of for example sftp? > >> > > Actually there is no specific reasons, it was installed 2 > years ago, > > and now services a whole bunch of users with complex chroot > > directories structure. Maybe I'll replace bftp with something else > > anyway. The only strange thing for me that I believed that > > hosts.deny/allow files are system-wide and I can rely on them, but > > it's not so. > > > > Sergey > > > > > > > > hosts.allow & hosts.deny is only effective on programs that > implement tcp_wrappers. > > Glenn >
