Hello, People who have their names in the Fedora tcp_wrappers changelog added to CC list.. Any comments about the below? Obviously aclexec feature would be useful for all services using tcpwrappers/libwrap (ftp,telnet,tftp,ident,nfs, and many others), and thus very nice to have. Thanks, -- Pasi On Sat, Jan 10, 2015 at 12:16:38AM +0200, Pasi Kärkkäinen wrote: > Hello, > > I recently noticed Debian/Ubuntu has had support for "aclexec" in tcp_wrappers via a custom patch since 2006, > so you can do this in /etc/hosts.allow or hosts.deny: > > sshd: ALL: aclexec /usr/local/bin/sshfilter.sh %a > > if sshfilter.sh returns true the access is allowed, if sshfilter.sh returns false the access is denied. > Very handy for integrating DNS RBLs and other IP databases etc. > > What do people feel about that? I'd like to see support for aclexec included in Fedora's tcp_wrappers package. > > I don't think there has been any upstream releases of tcp_wrappers in the near past, > so that aclexec feature is not upstream.. but the patch that Debian/Ubuntu are using is available. > > > Debian tcp_wrappers changelog: > http://archive.debian.net/changelogs/pool/main/t/tcp-wrappers/tcp-wrappers_7.6.q-16/changelog > > "New patch aclexec: adds the aclexec command and its documentation." was added in 2006. > > > Thanks, > > -- Pasi > -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
