On 13.12.2010 03:04, Allan McRae wrote:
> On 13/12/10 11:04, Dan McGee wrote:
>> Got very little feedback on this last time... any votes? Saw another thread[1] in the forums today about it causing problems with mpd this time around...
> Never particularly used it... and if iptables is the better solution then I am happy for it to be removed if all our packages build without it.
I don't know about better: tcp_wrappers is an application-level solution, iptables on the other hand is a transport-level solution. I always tell myself that they solve different problems, but that isn't entirely true - both can be used to restrict or allow access to a particular service.
Packages that link to libwrap.so.0:
dante esound exim gdm inetutils libmysqlclient libpulse mailutils mysql net-snmp nfs-utils openldap openssh pulseaudio quota-tools socat stunnel syslog-ng tcp_wrappers tftp-hpa vsftpd xinetd
And that is the problem: Not all applications use tcp_wrappers (for instance, I don't see apache up there - it has its own built-in application-level configurations for access restriction). It seems inconsistent to have to mess with hosts.{allow,deny} for some applications and not for others. The question is, can all these applications be built without tcp_wrappers support?
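
Added example, not part of the original message or of any Arch tooling: a sketch of how far hosts.{allow,deny} entries can be carried over to iptables, showing the application-level versus transport-level gap discussed above. The daemon-to-port map, the sample file contents and the function names are assumptions made for illustration.

```python
import ipaddress

# Assumed daemon -> TCP port map (not from the thread). tcp_wrappers matches on
# the daemon's process name, iptables on the port, so this must be supplied.
PORTS = {"sshd": 22, "vsftpd": 21}

def to_source(pattern):
    """Return a CIDR for iptables -s, "" for ALL, None if not expressible."""
    if pattern == "ALL":
        return ""
    if pattern[0].isdigit() and pattern.endswith("."):  # prefix form "192.168."
        octets = pattern.rstrip(".").split(".")
        if len(octets) > 3:
            return None
        pattern = ".".join(octets + ["0"] * (4 - len(octets))) + f"/{8 * len(octets)}"
    try:  # plain address, net/prefix or net/dotted-mask
        return str(ipaddress.ip_network(pattern, strict=False))
    except ValueError:
        return None  # hostname, .domain, LOCAL, user@host, ...

def translate(allow_text, deny_text, ports=PORTS):
    """hosts.allow is consulted before hosts.deny and the default is allow, so
    ACCEPT rules are emitted before REJECT rules (iptables is first-match)."""
    rules, skipped = [], []
    for text, target in ((allow_text, "ACCEPT"), (deny_text, "REJECT")):
        for line in map(str.strip, text.splitlines()):
            if not line or line.startswith("#"):
                continue
            parts = [p.strip() for p in line.split(":")]
            daemons = parts[0].replace(",", " ").split()
            if "ALL" in daemons:
                daemons = list(ports)
            clients = parts[1].replace(",", " ").split() if len(parts) == 2 else []
            sources = [to_source(c) for c in clients]
            # Options (a third field), EXCEPT, unknown daemons and name-based
            # clients have no port/address equivalent: report, do not guess.
            if not sources or None in sources or any(d not in ports for d in daemons):
                skipped.append(line)
                continue
            for d in daemons:
                for s in sources:
                    src = f" -s {s}" if s else ""
                    rules.append(f"iptables -A INPUT -p tcp --dport {ports[d]}{src} -j {target}")
    return rules, skipped

# Constructed sample files.
ALLOW = "# hosts.allow\nsshd: 192.168.1.\nvsftpd: 10.0.0.0/255.0.0.0\nsshd: .example.org\n"
DENY = "ALL: ALL\n"
```

With the sample input, the `.example.org` allow entry ends up in `skipped` while the `ALL: ALL` deny is translated, so those clients would be rejected at the firewall; every skipped line has to be reviewed by hand before hosts.{allow,deny} is retired.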