Hi,

> So maybe a solution would be to write a libwrap2 instead ?

Don't think this is the solution.  Part of the problem is that some of
the functionality is just obsolete in today's world.  Trusting IDENT and
DNS for access control maybe made sense in the 90s.  It certainly
doesn't today, and IMO Lennart is correct in classifying this as
"security theater".

> So offer something with equivalent functionality (and config file
> syntax compatibility), with a nice modern clean API and then systemd
> and others can be moved over to that 1 by 1, and once we've no more
> users left we can kill off the old beast?

I'd say moving the functionality which still makes sense (IP-range-based
checks) to the firewall is more useful.  Guess it shouldn't be that hard
to write a utility translating /etc/hosts.{allow,deny} into iptables
rules, or add support for that to firewalld.

Does tcpwrap support IPv6 btw?

cheers,
  Gerd

-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
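
The translation utility suggested in the message above, as an added example (not code from the original mail or from any Fedora project). It handles IPv4 address, prefix and net/mask patterns only; the daemon-to-port map `PORTS` and the function names are assumptions, and entries that depend on DNS, IDENT or other lookups are returned as skipped rather than translated.

```python
import ipaddress

# Assumption: tcp_wrappers matches on daemon names, a firewall on ports,
# so the caller has to supply this mapping (constructed sample values).
PORTS = {"sshd": 22, "vsftpd": 21}

def to_cidr(pattern):
    """Return a CIDR string for an IPv4 client pattern, or None if the
    pattern needs DNS, IDENT or other lookups a packet filter cannot do."""
    if pattern == "ALL":
        return "0.0.0.0/0"
    if pattern.endswith("."):                      # prefix form "192.168."
        octets = pattern[:-1].split(".")
        if len(octets) > 3 or not all(o.isdigit() for o in octets):
            return None
        pattern = ".".join(octets + ["0"] * (4 - len(octets))) + "/%d" % (8 * len(octets))
    try:                                           # "a.b.c.d" or "net/mask"
        return str(ipaddress.IPv4Network(pattern, strict=False))
    except ValueError:
        return None

def translate(allow_text, deny_text, ports=PORTS):
    """Return (rules, skipped). ACCEPT rules come first because tcpd
    consults hosts.allow before hosts.deny."""
    rules, skipped = [], []
    for text, target in ((allow_text, "ACCEPT"), (deny_text, "DROP")):
        for line in text.splitlines():
            line = line.split("#", 1)[0].strip()
            if not line:
                continue
            fields = [f.strip() for f in line.split(":")]
            # Anything with extra ':' fields or EXCEPT is left for a human.
            if len(fields) != 2 or "EXCEPT" in line:
                skipped.append(line)
                continue
            for daemon in fields[0].replace(",", " ").split():
                for client in fields[1].replace(",", " ").split():
                    cidr = to_cidr(client)
                    if daemon not in ports or cidr is None:
                        skipped.append(f"{daemon}: {client}")
                        continue
                    rules.append(f"-A INPUT -p tcp -s {cidr} "
                                 f"--dport {ports[daemon]} -j {target}")
    return rules, skipped
```

Review `skipped` before loading the rules: a deny entry that could not be translated leaves the firewall more permissive than the original files.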