On Sun, 11.01.15 21:29, Tomasz Torcz (tomek@xxxxxxxxxxxxxx) wrote: > On Sat, Jan 10, 2015 at 12:16:38AM +0200, Pasi Kärkkäinen wrote: > > Hello, > > > > I recently noticed Debian/Ubuntu has had support for "aclexec" in tcp_wrappers via a custom patch since 2006, > > so you can do this in /etc/hosts.allow or hosts.deny: > > > > > > What do people feel about that? I'd like to see support for aclexec included in Fedora's tcp_wrappers package. > > Enhancing tcpwrappers isn't generally a way we are going: > https://lists.fedoraproject.org/pipermail/devel/2014-March/196913.html > > Above discussions is only about proposal, no change was made. But I highly doubt > any serious work on tcpwrappers will happen. Well, we *did* drop tcpwrap support from systemd. It's not just OpenSSH that is dropping it... tcpwrap should really be removed. Having such crap, unmaintained code responsible for security checks is completely backwards. Lennart -- Lennart Poettering, Red Hat -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
