[CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

Thu Mar 20 22:23:24 UTC 2014
Les Mikesell <lesmikesell at gmail.com>

On Thu, Mar 20, 2014 at 4:39 PM,  <m.roth at 5-cent.us> wrote:
> Matthew Miller wrote:
>> On Thu, Mar 20, 2014 at 06:14:56PM -0300, Fernando Cassia wrote:
> <snip>
>>> Fail2ban is one piece of software which interfaces with tcp wrappers.
>>> v0.9.0 just out
>>> http://www.fail2ban.org/wiki/index.php/Main_Page
>> Yes, and I know for sure people use that -- I do, for example. But I use it
>> to manipulate IP tables, which is more secure and less fragile than the
>> hosts.deny action (it's always a bit scary when configuration files are
>> edited by a program!). Because it is actively maintained upstream, there's
>> even support for new things like firewalld.
> <snip>
> Yup - that's what we do here, use fail2ban to manipulate iptables.

Not sure there's a one-to-one mapping or even a conceptual overlap in
what tcpwrappers and iptables do. Applications can be configured to
use different ports than someone setting up iptables might expect -
and how would you handle portmapper?

   Les Mikesell
     lesmikesell at gmail.com