On 01/11/2015 09:22 PM, Pasi Kärkkäinen wrote: > Hello, > > People who have their names in the Fedora tcp_wrappers changelog added to CC list.. > > Any comments about the below? Obviously aclexec feature would be useful for all services using tcpwrappers/libwrap (ftp,telnet,tftp,ident,nfs, and many others), > and thus very nice to have. > Hi please file a RFE bug on tcp_wrappers. I'll try to use the Debian patch. I'm going to use the Debian patch adding tcpwrappers support in openssh-6.7p1 likewise. Petr > > On Sat, Jan 10, 2015 at 12:16:38AM +0200, Pasi Kärkkäinen wrote: >> Hello, >> >> I recently noticed Debian/Ubuntu has had support for "aclexec" in tcp_wrappers via a custom patch since 2006, >> so you can do this in /etc/hosts.allow or hosts.deny: >> >> sshd: ALL: aclexec /usr/local/bin/sshfilter.sh %a >> >> if sshfilter.sh returns true the access is allowed, if sshfilter.sh returns false the access is denied. >> Very handy for integrating DNS RBLs and other IP databases etc. >> >> What do people feel about that? I'd like to see support for aclexec included in Fedora's tcp_wrappers package. >> >> I don't think there has been any upstream releases of tcp_wrappers in the near past, >> so that aclexec feature is not upstream.. but the patch that Debian/Ubuntu are using is available. >> >> >> Debian tcp_wrappers changelog: >> http://archive.debian.net/changelogs/pool/main/t/tcp-wrappers/tcp-wrappers_7.6.q-16/changelog >> >> "New patch aclexec: adds the aclexec command and its documentation." was added in 2006. >> >> >> Thanks, >> >> -- Pasi >> > -- Petr Lautrbach
Attachment:
signature.asc
Description: OpenPGP digital signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
