[arch-general] [arch-dev-public] dropping tcp_wrapper support
Andrea Scarpino
andrea at archlinux.org
Sat Jul 16 13:13:06 EDT 2011
On Saturday 16 July 2011 12:06:34 Peggy Wilkins wrote:
> The annoucement suggests that a major reason for dropping support is
> that it is "confusing" to end users. An easy solution to that is to
> make a default hosts.allow file that says "ALL : ALL : ALLOW" out of
> the box. Then those of use wanting to simply restrict access (useful
> in many scenarios) can change that default as needed.
Technically this is what we did: without tcp_wrappers every input is accepted
now.
You've to setup iptables to deny all input and accept only what you need. I
never used iptables before, but now I find its syntax really simple, and
powerful.
--
Andrea
More information about the arch-general
mailing list