iptables is not an external app. It's never "down" any more than /etc/hosts.deny is down. What can tcpwrappers do that iptables cannot do even better? Tom.III On Wed, Jun 23, 2021 at 10:32 AM Saint Michael <venefax@xxxxxxxxx> wrote: > any external app can be down at any time, while openssh remains active and > exposed, BUT libwrap is baked into openssh, so the protection will hold. > Libwrap is the last line of defense. Why remove it? > > On Wed, Jun 23, 2021 at 1:01 PM Lars Noodén <lars.nooden@xxxxxxx> wrote: > > > On 6/23/21 5:54 PM, Saint Michael wrote: > > > I compiled the latest version, 8.1, inside Centos 7.9, and > > [snip] > > > > What use-case would there be there for tcpwrappers that cannot be better > > solved with a packet filter? In the case of CentOS 7 you have nftables > > and iptables. > > > > /Lars > > > > _______________________________________________ > > openssh-unix-dev mailing list > > openssh-unix-dev@xxxxxxxxxxx > > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev > > > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev@xxxxxxxxxxx > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev > _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev