>>>>> "DM" == Damien Miller <djm@xxxxxxxxxxx> writes: DM> This is an early warning: OpenSSH will drop tcpwrappers in the next DM> release. This will need a wider announcement. Most auto-block solutions I've looked at add entries to hosts.allow. Everyone using such will need to adapt their setup to cope. Several use the notion of of a spawn line in hosts.allow. With the loss of tcpwrapper, openssh should add an option to run a command for each incomming conenction (before it sends the banner, et alia) which can check for abuse patterns and add (or expire) a packet filter. The external should be expected to return zero to permit the connection or non-zero to prevent it, plus perform any side-effects the admin wants. -JimC -- James Cloos <cloos@xxxxxxxxxxx> OpenPGP: 0x997A9F17ED7DAEA6 _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev