[prev in list] [next in list] [prev in thread] [next in thread]
List: debian-devel
Subject: Re: Debian openssh option review: considering splitting out GSS-API key exchange
From: Bernd Zeimetz <bernd () bzed ! de>
Date: 2024-04-07 20:25:40
Message-ID: 465e0d942343c9f0570330b2567f5bc1af1815f7.camel () bzed ! de
[Download RAW message or body]
On Tue, 2024-04-02 at 12:04 +0200, Marco d'Itri wrote:
> On Apr 02, Colin Watson <cjwatson@debian.org> wrote:
>
> > At the time, denyhosts was popular, but it was removed from Debian
> > several years ago. I remember that, when I dealt with that on my
> > own
> > systems, fail2ban seemed like the obvious replacement, and my
> > impression
> > is that it's pretty widely used nowadays; it's very pluggable but
> > it
> > normally works by adding firewall rules. Are there any similar
> > popular
> > systems left that rely on editing /etc/hosts.deny?
> Yes, people. I object to removing TCP wrappers support since the
> patch
> is tiny and it supports use cases like DNS-based ACLs which cannot be
> supported by L3 firewalls.
>
There are more than enough ways to keep the entries based on dns
records in your l3 firewalls uptodate, I can't see how this should
warrant to keep yet another patch Jan^WMarco.
--
Bernd Zeimetz Debian GNU/Linux Developer
http://bzed.de http://www.debian.org
GPG Fingerprint: ECA1 E3F2 8E11 2432 D485 DD95 EB36 171A 6FF9 435F
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic