[arch-general] [arch-dev-public] dropping tcp_wrapper support
Mauro Santos
registo.mailling at gmail.com
Sat Jul 16 18:02:34 EDT 2011
On 16-07-2011 18:13, Andrea Scarpino wrote:
> Technically this is what we did: without tcp_wrappers every input is accepted
> now.
I'd say that if not using iptables most input was already being accepted
anyway so not supporting tcp_wrappers at all will make users more aware
of what is allowed in.
> You've to setup iptables to deny all input and accept only what you need. I
> never used iptables before, but now I find its syntax really simple, and
> powerful.
And while you are at it you might want to consider restricting the
allowed outbound ip/ports for good measure ;)
--
Mauro Santos
More information about the arch-general
mailing list