Fedora tcp_wrappers (missing) support for custom acl scripts, aclexec

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello,

I recently noticed Debian/Ubuntu has had support for "aclexec" in tcp_wrappers via a custom patch since 2006,
so you can do this in /etc/hosts.allow or hosts.deny:

sshd: ALL: aclexec /usr/local/bin/sshfilter.sh %a

if sshfilter.sh returns true the access is allowed, if sshfilter.sh returns false the access is denied.
Very handy for integrating DNS RBLs and other IP databases etc.

What do people feel about that? I'd like to see support for aclexec included in Fedora's tcp_wrappers package.

I don't think there has been any upstream releases of tcp_wrappers in the near past,
so that aclexec feature is not upstream.. but the patch that Debian/Ubuntu are using is available.


Debian tcp_wrappers changelog:
http://archive.debian.net/changelogs/pool/main/t/tcp-wrappers/tcp-wrappers_7.6.q-16/changelog

"New patch aclexec: adds the aclexec command and its documentation." was added in 2006.


Thanks,

-- Pasi

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux