Re: Maybe it's time to get rid of tcpwrappers/tcpd?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 21 Mar 2014, Lennart Poettering wrote:

I mean, in this day and age we should not consider an ACL language well
designed if it basically pushes users to use IDENT and DNS for
authentication. (And no, don't say the words DNSSEC, nobody sets that
up, we don't have it as default, and tcpwrap doesn't check wether DNSSEC
is enabled either, before trusting a hostname...).

we kinda do have dnssec per default. All DNS servers installed per
default do DNSSEC. Installing dnssec-trigger makes that even more
pervasive.

But I agree decisions based on DNS/reverse and IDENT are long dead.

The other 30% (i.e. simple IP range checks), are much better done in a
real firewall.

I agree.

Paul
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux