Re: Crux vs cupsd/tcpwrappers
On 6 March 2014 22:39, James Mills <prologic@shortcircuit.net.au> wrote:
Just make your /etc/hosts.allow be ALL: ALL and be done with it.
I know - it easy, but maybe not the most elegant. Anyway, I might probably end up doing it. Cheers, Wawrzek -- Dr Wawrzyniec Niewodniczański or Wawrzek for short PhD in Quantum Chemistry & MSc in Molecular Engineering WWW: http://wawrzek.name E-MAIL: jobs@wawrzek.name Linux User #177124
On Fri, Mar 7, 2014 at 8:51 AM, Wawrzek Niewodniczanski <main@wawrzek.name>wrote:
I know - it easy, but maybe not the most elegant. Anyway, I might probably end up doing it.
How exactly is a single one liner not elegant? I find tcpwrappers not a very useful thing in general. If you want/need firewalling -- you really should use/learn iptables/netfilter As I said, do yourself a favor and use "ALL: ALL" and don't make things harder on yourself than you need to! :) cheers James James Mills / prologic E: prologic@shortcircuit.net.au W: prologic.shortcircuit.net.au
James Mills <prologic@shortcircuit.net.au> escribió:
On Fri, Mar 7, 2014 at 8:51 AM, Wawrzek Niewodniczanski <main@wawrzek.name>wrote:
I know - it easy, but maybe not the most elegant. Anyway, I might probably end up doing it.
How exactly is a single one liner not elegant?
I find tcpwrappers not a very useful thing in general.
If you want/need firewalling -- you really should use/learn iptables/netfilter
As I said, do yourself a favor and use "ALL: ALL" and don't make things harder on yourself than you need to! :)
I agree with James, I often rebuild ports to remove tcpwrappers. I usually don't need it or use iptables instead. Note that you can implement IP based ACLs in cupsd.conf, similar to apache. Regards, Alan
On Fri, Mar 7, 2014 at 1:14 PM, Alan Mizrahi <alan+crux@mizrahi.com.ve>wrote:
Note that you can implement IP based ACLs in cupsd.conf, similar to apache.
If this is for local home network useage just bind it to your LAN interface (eth0) and not worry about it. If you're really worried about hackers breaking into your network and somehow gaining access to your network via a poorly configured or misshaping router/gateway, then put a firewall in front of your network or configure an appropriate firewall on your gateway/router. cheers James James Mills / prologic E: prologic@shortcircuit.net.au W: prologic.shortcircuit.net.au
Hey people. I've removed tcp_wrappers and removed it from openssh and cups. Everything works fine. I've noticed Arch also removed it in 2011: https://www.archlinux.org/news/dropping-tcp_wrappers-support/ Since it makes more problems than it's worth, why have it? Why not remove it completely from core and leave it as an optional package? On 7.3.2014 04:14, Alan Mizrahi wrote:
James Mills <prologic@shortcircuit.net.au> escribió:
On Fri, Mar 7, 2014 at 8:51 AM, Wawrzek Niewodniczanski <main@wawrzek.name>wrote:
I know - it easy, but maybe not the most elegant. Anyway, I might probably end up doing it.
How exactly is a single one liner not elegant?
I find tcpwrappers not a very useful thing in general.
If you want/need firewalling -- you really should use/learn iptables/netfilter
As I said, do yourself a favor and use "ALL: ALL" and don't make things harder on yourself than you need to! :)
I agree with James, I often rebuild ports to remove tcpwrappers. I usually don't need it or use iptables instead.
Note that you can implement IP based ACLs in cupsd.conf, similar to apache.
Regards,
Alan _______________________________________________ CRUX mailing list CRUX@lists.crux.nu http://lists.crux.nu/mailman/listinfo/crux
_____________________________________________________ Postavite svoj mali oglas besplatno: http://oglasi.krstarica.com/
On Fri, Mar 7, 2014 at 9:26 PM, Rex <bjorn@krstarica.com> wrote:
Hey people. I've removed tcp_wrappers and removed it from openssh and cups. Everything works fine. I've noticed Arch also removed it in 2011: https://www.archlinux.org/ news/dropping-tcp_wrappers-support/ Since it makes more problems than it's worth, why have it? Why not remove it completely from core and leave it as an optional package?
I would probably +1 a move to removing tcp_wrappers from all CRUX core/oprt ports as well. I've never used a LInux server or workstation with practical use for tc_wrappers. cheers James James Mills / prologic E: prologic@shortcircuit.net.au W: prologic.shortcircuit.net.au
participants (4)
-
Alan Mizrahi -
James Mills -
Rex -
Wawrzek Niewodniczanski