On Thu, Mar 20, 2014 at 4:39 PM, m.roth@5-cent.us wrote:
Matthew Miller wrote:
On Thu, Mar 20, 2014 at 06:14:56PM -0300, Fernando Cassia wrote:
<snip>
>> Fail2ban is one piece of software which interfaces with tcp wrappers.
>> v0.9.0 just out
>> http://www.fail2ban.org/wiki/index.php/Main_Page
>
> Yes, and know for sure people use that -- I do, for example. But I use it
> to manipulate IP tables, which is more secure and less fragile than the
> hosts.deny action (it's always a bit scary when configuration files are
> edited by a program!). Because it is actively maintained upstream, there's
> even support for new things like firewalld.
<snip>
Yup - that's what we do here, use fail2ban to manipulate iptables.
Not sure there's a one-to-one mapping or even a conceptual overlap in what tcpwrappers and iptables do. Applications can be configured to use different ports than someone setting up iptables might expect - and how would you handle portmapper?