Dropping tcp_wrappers support.

Michal Soltys soltys at ziu.info
Wed Aug 10 20:31:28 UTC 2011


On 11-08-10 17:18, Thomas Penteker wrote:
> * Johnny (gloomyquazar at mail.ru) wrote:
>>  Hi.
>
> Hello!
>
>>  Archlinux's developers are dropping tcp_wrappers support. Aren't CRUX devs
>>  doing to do the same step?
>>  http://www.archlinux.org/news/dropping-tcp_wrappers-support/
>
> "This is due to upstream not having released a new version since April 1997."
> is NO argument. The security-side benefits may be doubted (ip addresses can be
> forged).  tcpwrappers allows one to block clients by netaddresses without the
> need for iptables. It's easy and it's clean. Let's stick with tcp_wrappers.
>
> regards, Thomas
>

Furthermore, tcp_wrappers is not only about poor man's blocking / 
allowing. For example, vsftpd uses it as a means to load per-ip specific 
configuration files on the fly.



More information about the CRUX mailing list