On Fri, Jan 09, 2015 at 11:47:52PM +0100, Michael Stahl wrote: > On 09.01.2015 23:16, Pasi Kärkkäinen wrote: > > Hello, > > > > I recently noticed Debian/Ubuntu has had support for "aclexec" in tcp_wrappers via a custom patch since 2006, > > so you can do this in /etc/hosts.allow or hosts.deny: > > > > sshd: ALL: aclexec /usr/local/bin/sshfilter.sh %a > > > > if sshfilter.sh returns true the access is allowed, if sshfilter.sh returns false the access is denied. > > Very handy for integrating DNS RBLs and other IP databases etc. > > > > What do people feel about that? I'd like to see support for aclexec included in Fedora's tcp_wrappers package. > > seems a bit pointless to add this now considering this bit from the > OpenSSH 6.7 release notes: > > http://lwn.net/Articles/615173/ > > * sshd(8): Support for tcpwrappers/libwrap has been removed. > Right.. I wasn't aware of that. Why on earth did they remove tcpwrappers support :( Do you know what was the reasoning behind that? Then again tcpwrappers "aclexec" can be used for other services aswell, not just openssh.. -- Pasi -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
