Re: Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

On Thu, Mar 20, 2014 at 05:23:24PM -0500, Les Mikesell wrote:
> > Yup - that's what we do here, use fail2ban to manipulate iptables.
> Not sure there's a one-to-one mapping or even a conceptual overlap in
> what tcpwrappers and iptables do.   Applications can be configured to
> use different ports than someone setting up iptables might expect -
> and how would you handle portmapper?

Reasonable question. :) Ideally, you'd handle portmapper by using NFSv4 so
it's not required. Or recommend using rpcbind and fixed port numbers. (See
for example
<https://www.centos.org/docs/5/html/5.2/Deployment_Guide/s2-sysconfig-nfs.html>)

But I think the proposal would leave the library there for legacy programs
which really want to use it, just not link core components to it anymore.


-- 
Matthew Miller           mattdm@xxxxxxxxxx          <http://mattdm.org/>
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux