On Thu, 20 Mar 2014 18:34:22 +0100 Lennart Poettering <mzerqung@xxxxxxxxxxx> wrote: > I doubt there are many people even using them anymore, firewalls are > more comprehensive and a lot more powerful, and while every admin knows > firewalls, I figure only very few know tcpd/tcpwrap, and even fewer ever > actively make use of them... I use tcpwrappers through denyhosts, which write out /etc/hosts.deny. Then openssh-server then uses the tcpwrappers to apply the rules (AFAIK). When I investigated it, denyhosts was superior to fail2ban due to the latter doing some crazy stuff with iptables that made me uncomfortable. Also, this: Installing: fail2ban noarch 0.9-0.3.git1f1a561.fc20 fedora 261 k Installing for dependencies: ed x86_64 1.10-1.fc20 updates 72 k gamin-python x86_64 0.1.10-15.fc20 fedora 34 k python-inotify noarch 0.9.4-4.fc20 fedora 49 k systemd-python x86_64 208-15.fc20 updates 80 k I agree that tcpwrappers should die in favour of firewalls. Folks working on fail2ban are already considering integration with firewalld, which seems like a great idea. Too bad fail2ban is just as crusty as tcpwrappers. If we only had denyhosts that executed firewall-cmd... -- Pete -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
