On Thu, Mar 20, 2014 at 05:23:24PM -0500, Les Mikesell wrote:
> > Yup - that's what we do here, use fail2ban to manipulate iptables.
>
> Not sure there's a one-to-one mapping or even a conceptual overlap in
> what tcpwrappers and iptables do. Applications can be configured to
> use different ports than someone setting up iptables might expect -
> and how would you handle portmapper?

Reasonable question. :)

Ideally, you'd handle portmapper by using NFSv4 so it's not required. Or
recommend using rpcbind and fixed port numbers. (See for example
<https://www.centos.org/docs/5/html/5.2/Deployment_Guide/s2-sysconfig-nfs.html>)

But I think the proposal would leave the library there for legacy programs
which really want to use it, just not link core components to it anymore.

--
Matthew Miller
mattdm at mattdm.org
<http://mattdm.org/>
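The fixed-port approach mentioned in the reply above, as an added example that is not part of the original message: a shell function that reads an `/etc/sysconfig/nfs`-style file and prints static iptables rules, refusing to produce a rule set if any NFSv3 helper port is left unpinned. The helper names `sample_sysconfig` and `nfs_rules`, the port values and the client network 192.0.2.0/24 are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: turn pinned NFSv3 helper ports into static iptables rules.

# Constructed sample in /etc/sysconfig/nfs style; port numbers are illustrative.
sample_sysconfig() {
    cat <<'EOF'
# Ports pinned so rpcbind stops handing out random ones
MOUNTD_PORT=892
STATD_PORT=662
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
RQUOTAD_PORT="875"
EOF
}

# nfs_rules FILE CLIENT_NET   (hypothetical helper; FILE may be "-" for stdin)
# Prints iptables-restore style ACCEPT rules for CLIENT_NET. Exits non-zero and
# prints nothing on stdout if any helper port is not pinned, because a static
# rule set cannot cover a port that is picked at daemon start-up.
nfs_rules() (
    conf=$(cat "$1"); net=$2; rc=0
    # rpcbind (111) and nfsd (2049) already listen on fixed ports.
    rules="-A INPUT -s $net -p tcp --dport 111 -j ACCEPT
-A INPUT -s $net -p udp --dport 111 -j ACCEPT
-A INPUT -s $net -p tcp --dport 2049 -j ACCEPT"
    for spec in MOUNTD_PORT:tcp MOUNTD_PORT:udp STATD_PORT:tcp STATD_PORT:udp \
                LOCKD_TCPPORT:tcp LOCKD_UDPPORT:udp \
                RQUOTAD_PORT:tcp RQUOTAD_PORT:udp; do
        key=${spec%%:*}; proto=${spec##*:}
        # Take the last uncommented KEY=number line; quotes around it are allowed.
        port=$(printf '%s\n' "$conf" |
            sed -n "s/^$key=\"\{0,1\}\([0-9][0-9]*\)\"\{0,1\}[[:space:]]*\$/\1/p" |
            tail -n 1)
        if [ -z "$port" ]; then
            echo "unpinned: $key" >&2
            rc=1
            continue
        fi
        rules="$rules
-A INPUT -s $net -p $proto --dport $port -j ACCEPT"
    done
    [ "$rc" -eq 0 ] && printf '%s\n' "$rules"
    exit "$rc"
)

sample_sysconfig | nfs_rules - 192.0.2.0/24
```

With NFSv4 only the 2049/tcp rule is needed, which is why the reply lists it as the preferred option.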