On 03/28/2014 12:49 PM, Pete Zaitcev wrote:
> On Thu, 20 Mar 2014 18:34:22 +0100
> Lennart Poettering <mzerqung@xxxxxxxxxxx> wrote:
>
>> I doubt there are many people even using them anymore, firewalls are
>> more comprehensive and a lot more powerful, and while every admin knows
>> firewalls, I figure only very few know tcpd/tcpwrap, and even fewer ever
>> actively make use of them...
>
> I use tcpwrappers through denyhosts, which write out /etc/hosts.deny.
> Then openssh-server then uses the tcpwrappers to apply the rules (AFAIK).
> When I investigated it, denyhosts was superior to fail2ban due to the
> latter doing some crazy stuff with iptables that made me uncomfortable.
> Also, this:
>
> Installing:
>  fail2ban         noarch   0.9-0.3.git1f1a561.fc20   fedora    261 k
> Installing for dependencies:
>  ed               x86_64   1.10-1.fc20               updates    72 k
>  gamin-python     x86_64   0.1.10-15.fc20            fedora     34 k
>  python-inotify   noarch   0.9.4-4.fc20              fedora     49 k
>  systemd-python   x86_64   208-15.fc20               updates    80 k
>
> I agree that tcpwrappers should die in favour of firewalls.
> Folks working on fail2ban are already considering integration
> with firewalld, which seems like a great idea. Too bad fail2ban
> is just as crusty as tcpwrappers. If we only had denyhosts that
> executed firewall-cmd...
>
> -- Pete
>

What gives you the impression that fail2ban is "crusty"? It's being
actively developed upstream and integrates with firewalld now. Are those
particularly onerous dependencies?

-- 
Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA/CoRA Division                    FAX: 303-415-9702
3380 Mitchell Lane                  orion@xxxxxxxxxxxxx
Boulder, CO 80301              http://www.cora.nwra.com
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
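The thread mentions denyhosts writing /etc/hosts.deny and the wish for something that drives firewall-cmd instead. As an added example (not part of the thread, and not code from denyhosts or fail2ban), this sketch turns hosts.deny entries for sshd into firewalld rich-rule invocations; the function names and sample file are hypothetical, it handles literal IPv4 addresses and networks only, and it builds the argument lists without running them.

```python
import ipaddress
import shlex

# Constructed sample in the style of a denyhosts-managed /etc/hosts.deny.
SAMPLE_HOSTS_DENY = """\
# constructed sample, not taken from a real host
sshd: 203.0.113.7
sshd: 198.51.100.0/24
ALL: 192.0.2.44 : deny
sshd: .example.net
vsftpd: 192.0.2.9
sshd: 203.0.113.7
"""


def denied_networks(text, daemons=("sshd", "ALL")):
    """Return (networks, skipped_tokens) for entries matching `daemons`."""
    nets, skipped = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        daemon_part, sep, rest = line.partition(":")
        if not sep:
            continue
        if not set(daemon_part.replace(",", " ").split()) & set(daemons):
            continue
        clients = rest.split(":", 1)[0]  # drop any trailing ": option" field
        for token in clients.replace(",", " ").split():
            try:
                # Only literal addresses pass; hostnames and wildcard
                # patterns never reach the firewall command line.
                net = ipaddress.IPv4Network(token, strict=False)
            except ValueError:
                skipped.append(token)
                continue
            if net not in nets:
                nets.append(net)
    return nets, skipped


def firewall_cmd_argv(net, service="ssh"):
    """Build (not run) the firewall-cmd call that rejects `net` for `service`."""
    rule = (f'rule family="ipv4" source address="{net}" '
            f'service name="{service}" reject')
    return ["firewall-cmd", "--permanent", f"--add-rich-rule={rule}"]


if __name__ == "__main__":
    nets, skipped = denied_networks(SAMPLE_HOSTS_DENY)
    for net in nets:
        print(shlex.join(firewall_cmd_argv(net)))
    print("# skipped (not a literal IPv4 address/network):", skipped)
```

An `ALL:` entry denies every wrapped service under tcpwrappers, whereas the generated rule here covers only the ssh service, so the two are not equivalent for hosts running other wrapped daemons.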