* Stephen John Smoogen: > Actually they are used quite a bit in various service worlds. Mainly for > ssh and email for dealing with scanners. [DenyHosts is a boon in this > area.] I believe DenyHosts is unmaintained as well: <https://bugzilla.redhat.com/show_bug.cgi?id=1045983> > At the enterprise level firewalls can come under a different set of change > control rules than something like tcpwrappers which is considered > application level. I think it's difficult to generalize in this area. There is no inherent reason why an iptables-based local packet filter has to follow the same sign-off rules as a device on the forwarding path. >From my POV, it is kind of neat that you can grant access to *.enyo.de and deny every thing else. This is quite helpful against scanners and worms, and programs like OpenSSH rely on tcpwrappers to implement this. It's not clear to me if this has to happen at the systemd level, though. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
