IMO, the whole tcp_wrappers thingy is getting kinda silly. People call it a 'cleaner way of controlling/limiting connections'. I strongly disagree, in the sense that you actually have to implement it in the daemon you're using it against, in most cases breaking good socketing practice and protocol rules. (The socket is opened - and then closed immediately?) I know I'm going off topic, but I'm just wondering - is there ANYTHING at all tcp_wrappers can do that a well-tuned firewall can't?

bjorn

-----Original Message-----
From: arch-general-bounces@archlinux.org [mailto:arch-general-bounces@archlinux.org] On Behalf Of RedShift
Sent: 14 October 2008 20:03
To: General Discusson about Arch Linux
Subject: Re: [arch-general] bftp & denyhosts

Sergey Manucharian wrote:
On Mon, 13 Oct 2008 17:04:54 +0000 "Jon Kristian Nilsen" <jokr.nilsen@gmail.com> wrote:
Is there any reason you are using bftp, instead of for example sftp?
Actually there are no specific reasons, it was installed 2 years ago, and now services a whole bunch of users with a complex chroot directory structure. Maybe I'll replace bftp with something else anyway. The only strange thing for me is that I believed that hosts.deny/allow files are system-wide and I can rely on them, but it's not so.
Sergey
hosts.allow & hosts.deny are only effective on programs that implement tcp_wrappers.
Glenn