[CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?
Les Mikesell
lesmikesell at gmail.comThu Mar 20 22:23:24 UTC 2014
- Previous message: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?
- Next message: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Thu, Mar 20, 2014 at 4:39 PM, <m.roth at 5-cent.us> wrote: > Matthew Miller wrote: >> On Thu, Mar 20, 2014 at 06:14:56PM -0300, Fernando Cassia wrote: > <snip> >>> Fail2ban is one piece of software which interfaces with tcp wrappers. >>> v0.9.0 just out >>> http://www.fail2ban.org/wiki/index.php/Main_Page >> >> Yes, and know for sure people use that -- I do, for example. But I use it >> to manipulate IP tables, which is more secure and less fragile than the >> hosts.deny action (it's always a bit scary when configuration files are >> edited by a program!). Because it is actively maintained upstream, there's >> even support for new things like firewalld. > <snip> > > Yup - that's what we do here, use fail2ban to manipulate iptables. Not sure there's a one-to-one mapping or even a conceptual overlap in what tcpwrappers and iptables do. Applications can be configured to use different ports than someone setting up iptables might expect - and how would you handle portmapper? -- Les Mikesell lesmikesell at gmail.com
- Previous message: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?
- Next message: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list