On Mon, Jan 12, 2015 at 09:15:39AM +0100, Petr Lautrbach wrote:
> On 01/11/2015 09:22 PM, Pasi Kärkkäinen wrote:
> > Hello,
> >
> > People who have their names in the Fedora tcp_wrappers changelog added to CC list..
> >
> > Any comments about the below? Obviously aclexec feature would be useful for all services using tcpwrappers/libwrap (ftp,telnet,tftp,ident,nfs, and many others),
> > and thus very nice to have.
> >
>
> Hi
>
> please file a RFE bug on tcp_wrappers. I'll try to use the Debian patch.
> I'm going to use the Debian patch adding tcpwrappers support in
> openssh-6.7p1 likewise.
>

OK, will do!

Thanks,

-- Pasi

> Petr
>
> >
> > On Sat, Jan 10, 2015 at 12:16:38AM +0200, Pasi Kärkkäinen wrote:
> >> Hello,
> >>
> >> I recently noticed Debian/Ubuntu has had support for "aclexec" in tcp_wrappers via a custom patch since 2006,
> >> so you can do this in /etc/hosts.allow or hosts.deny:
> >>
> >> sshd: ALL: aclexec /usr/local/bin/sshfilter.sh %a
> >>
> >> if sshfilter.sh returns true the access is allowed, if sshfilter.sh returns false the access is denied.
> >> Very handy for integrating DNS RBLs and other IP databases etc.
> >>
> >> What do people feel about that? I'd like to see support for aclexec included in Fedora's tcp_wrappers package.
> >>
> >> I don't think there has been any upstream releases of tcp_wrappers in the near past,
> >> so that aclexec feature is not upstream.. but the patch that Debian/Ubuntu are using is available.
> >>
> >>
> >> Debian tcp_wrappers changelog:
> >> http://archive.debian.net/changelogs/pool/main/t/tcp-wrappers/tcp-wrappers_7.6.q-16/changelog
> >>
> >> "New patch aclexec: adds the aclexec command and its documentation." was added in 2006.
> >>
> >>
> >> Thanks,
> >>
> >> -- Pasi
> >>
> >
>
> --
> Petr Lautrbach
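
An added example, not part of the thread or of the Debian patch: a possible sshfilter.sh for the aclexec line quoted above, checking the client address against a DNS RBL. The zone dnsbl.example.org, the function names and the policy of denying anything that is not a valid IPv4 address are assumptions.

```shell
#!/bin/sh
# Added example of an aclexec helper; not code from the thread or the Debian patch.
# hosts.allow:  sshd: ALL: aclexec /usr/local/bin/sshfilter.sh %a
# Exit status 0 allows the connection, anything else denies it.

DNSBL_ZONE="${DNSBL_ZONE:-dnsbl.example.org}"  # placeholder zone (assumption)

# Print the IPv4 address $1 with its octets reversed; fail on anything else.
reverse_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # only digits and single inner dots
    esac
    IFS=. read -r o1 o2 o3 o4 rest <<EOF
$1
EOF
    [ -n "$o4" ] && [ -z "$rest" ] || return 1  # exactly four octets
    for o in "$o1" "$o2" "$o3" "$o4"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s\n' "$o4" "$o3" "$o2" "$o1"
}

# Print the IPv4 addresses that name $1 resolves to (glibc getent).
resolve_a() {
    getent ahostsv4 "$1" 2>/dev/null | awk '{print $1}'
}

# 0: listed (answer in 127.0.0.0/8), 1: not listed, 2: not a valid IPv4 address.
dnsbl_listed() {
    rev=$(reverse_ipv4 "$1") || return 2
    resolve_a "$rev.$DNSBL_ZONE" | grep -q '^127\.'
}

# Policy: deny listed addresses and anything unparsable, allow the rest.
# A resolver outage looks like "not listed", so this check fails open on DNS errors.
decide() {
    dnsbl_listed "$1"
    case $? in
        0) logger -t sshfilter "deny $1: listed in $DNSBL_ZONE" 2>/dev/null; return 1 ;;
        1) return 0 ;;
        *) logger -t sshfilter "deny: unparsable client address" 2>/dev/null; return 1 ;;
    esac
}

# tcpd always passes %a; without an argument the file only defines the functions.
if [ $# -gt 0 ]; then decide "$1"; exit $?; fi
```

The unparsable address is deliberately not written to the log, since it is client-influenced input; IPv6 clients are denied by this policy unless a separate rule handles them.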