[arch-dev-public] tcp_wrappers- does anyone actually use it?

Thomas Bächler thomas at archlinux.org
Mon Dec 13 04:41:23 EST 2010


On 13.12.2010 03:04, Allan McRae wrote:
> On 13/12/10 11:04, Dan McGee wrote:
>> Got very little feedback on this last time...any votes? Saw another
>> thread[1] in the forums today about it causing problems with mpd this
>> time around...
>>
> 
> Never particularly used it...  and if iptables is the better solution
> then I am happy for it to be removed if all our packages build without it.

I don't know about better: tcp_wrappers is an application-level
solution, iptables on the other hand is a transport-level solution. I
always tell myself that they solve different problems, but that isn't
entirely true - both can be used to restrict or allow access to a
particular service.

> Packages that link to libwrap.so.0:
> 
> dante
> esound
> exim
> gdm
> inetutils
> libmysqlclient
> libpulse
> mailutils
> mysql
> net-snmp
> nfs-utils
> openldap
> openssh
> pulseaudio
> quota-tools
> socat
> stunnel
> syslog-ng
> tcp_wrappers
> tftp-hpa
> vsftpd
> xinetd

And that is the problem: Not all applications use tcp_wrappers (for
instance, I don't see apache up there - it has its own built-in
application-level configurations for access restriction).

It seems inconsistent to have to mess with hosts.{allow,deny} for some
applications and not for others. The question is, can all these
applications be built without tcp_wrappers support?
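
An added example (not part of the original message, and not libwrap's own code) that models a subset of the hosts.allow/hosts.deny lookup, showing that the rules key on the daemon name and bind only daemons built against libwrap. The sample rules, the `USES_LIBWRAP` set and all function names are constructed for illustration; only `ALL`, IPv4 prefix, net/mask and exact-address patterns are handled.

```python
import ipaddress

# Constructed sample rules and daemon set; none of this is from the message.
HOSTS_ALLOW = "sshd: 192.168.1.\nmysqld: 10.0.0.0/255.255.255.0\n"
HOSTS_DENY = "ALL: ALL\n"
USES_LIBWRAP = {"sshd", "mysqld"}   # assumed: daemons built with libwrap

def parse_rules(text):
    """Parse 'daemon_list : client_list' lines; option fields are ignored."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":", 2)[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, addr):
    """Subset of hosts_access(5) client patterns, IPv4 addresses only."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):                 # address prefix: "192.168.1."
        return addr.startswith(pattern)
    if "/" in pattern:                        # net/mask: n.n.n.n/m.m.m.m
        net, mask = (int(ipaddress.IPv4Address(p)) for p in pattern.split("/"))
        return (int(ipaddress.IPv4Address(addr)) & mask) == net
    return pattern == addr

def any_rule_matches(rules, daemon, addr):
    return any(("ALL" in daemons or daemon in daemons)
               and any(client_matches(c, addr) for c in clients)
               for daemons, clients in rules)

def libwrap_decision(daemon, addr, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow is checked first, then hosts.deny; no match means allow."""
    if any_rule_matches(parse_rules(allow), daemon, addr):
        return "allow"
    if any_rule_matches(parse_rules(deny), daemon, addr):
        return "deny"
    return "allow"

def effective_access(daemon, addr):
    """A daemon not linked against libwrap never reads either file."""
    if daemon not in USES_LIBWRAP:
        return "allow"
    return libwrap_decision(daemon, addr)
```

With these sample rules, `ALL: ALL` in hosts.deny blocks an outside client from `sshd` but has no effect on `httpd`, which is the inconsistency raised in the message.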
