Re: VETO! Re: heads up: tcpwrappers support going away

On Wed, Apr 23, 2014 at 3:40 PM, mancha <mancha1@xxxxxxxx> wrote:
> On Wed, Apr 23, 2014 at 02:31:43PM -0500, Ben Lindstrom wrote:
>> Personally, I'm glad to see us finally doing away with tcpwrapper. It
>> is a dark part of our history that should be scorched from the planet
>> so we can get people to start doing stuff  the right away^H^H^H^H our way

Fixed That For You(tm).

> Don't use "--with-tcp-wrappers"
>
> --mancha

tcp_wrappers has been a much, much easier and safer to set up
lightweight, application firewall filter for a *long* time. It's been
useful and safer to implement than the plethora of easily fractured
firewall configurations configured, and inconsistently configured, by
every GUI script kiddie with an attitude who's never actually learned
to do flow charts and logic diagrams and really understand how
firewalls work.

Its integration with SSH has helped make SSH safer to configure when
touching the firewall was out of the scope of the host specific admin,
and I've personally encountered such situations. (Do not get me
*started* on Puppet, Tuttle, CFengine and Chef admins who will insist
on retaining sitewide control of the firewall configs and really don't
know how to do them well.) iptables and pif are likely to be overridden
in a larger environment by someone else's standards, but you can get
away with noticeably improved system access control despite this by
configuring at least tcp_wrappers.

Please leave in a lightweight, stable, useful future.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev