On Thu, Mar 20, 2014 at 12:55:56PM -0700, Keith Keller wrote: > > What do you think? Do you rely on hosts.allow/hosts.deny a primary security > > mechanism? As defense-in-depth? Do you have policies which mandate it? > I currently use it in conjunction with denyhosts, but have been > considering moving to something like sshguard with iptables instead. If > hosts.deny support disappeared then I would simply go that route when > necessary. > May I ask what the reason is for considering dropping tcp wrappers > support? I think the main reasons are: upstream library isn't actually maintained since June 2001. The API is somewhat ugly and crufty. Possibly also one more place to check, making systems administration harder. -- Matthew Miller mattdm at mattdm.org <http://mattdm.org/>