[arch-general] bftp & denyhosts

Bjørn Hamra bjorn at archlinux.no
Tue Oct 14 18:17:42 EDT 2008


IMO, the whole tcp_wrappers thingy is getting kinda silly. People call it a
'cleaner way of controlling/limiting connections'. I strongly disagree, in
the sense that You actually have to implent it in the daemon you're using it
against, in most cases breaking good socketing practice and protocol rules.
(The socket is opened - and then closed immediately?) I know I'm going off
topic, but I'm just wondering - Is there ANYTHING at all tcp_wrappers can do
- that a well tuned firewall can't?

bjorn

> -----Original Message-----
> From: arch-general-bounces at archlinux.org 
> [mailto:arch-general-bounces at archlinux.org] On Behalf Of RedShift
> Sent: 14. oktober 2008 20:03
> To: General Discusson about Arch Linux
> Subject: Re: [arch-general] bftp & denyhosts
> 
> Sergey Manucharian wrote:
> > On Mon, 13 Oct 2008 17:04:54 +0000
> > "Jon Kristian Nilsen" <jokr.nilsen at gmail.com> wrote:
> > 
> >> Is ther any reason you are using bftp, instead of for example sftp?
> >>
> > Actually there is no specific reasons, it was installed 2 
> years ago, 
> > and now services a whole bunch of users with complex chroot 
> > directories structure. Maybe I'll replace bftp with something else 
> > anyway. The only strange thing for me that I believed that 
> > hosts.deny/allow files are system-wide and I can rely on them, but 
> > it's not so.
> > 
> > Sergey
> > 
> > 
> > 
> 
> hosts.allow & hosts.deny is only effective on programs that 
> implement tcp_wrappers.
> 
> Glenn
> 




More information about the arch-general mailing list