Yeah,

> There are two issues that I see. The first is that the hosts.allow
> file can potentially become huge

That's painfully true, and I admit I've not given this any second thoughts. What I can say for my box I ran here, it's experiencing approximately one attack per day, so I believe it's okay to let the hosts.allow grow at this rate. Other machines may experience more attacks, though, and a rapidly growing tcpwrapper config file surely is a problem. Maybe it's worth thinking about some kind of "ageing mechanism" that sorts out outdated entries and keeps /etc/hosts.allow trimmed this way.

> The second is that I'm not sure it is safe to insert the strings
> you are grepping out of the BLACKLIST file (thrown into your
> PISSNELKE variable) directly into the hosts.allow file like that.

You're right, I've overlooked this since I had no "live" reference for malformed entries. I'll add some sanity checks to it once I've finished watching Star Trek Voyager Season 7. Anyway, the scripts work fine for me so far, and maybe they will for some other folks out there, so think of them as a late Christmas gift. :-)

--j
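
The two points raised in this message, validating blacklist strings before they reach hosts.allow and ageing out old entries, shown as an added example that is not part of the original scripts or of this thread. The state-file layout ("epoch ip" per line), the function names, and the `sshd : <ip> : deny` rule form are assumptions.

```shell
#!/bin/sh
# Added example. Assumed layout: a state file of "epoch ip" lines, from which
# the deny rules for hosts.allow are regenerated. All names are hypothetical.

# Strict dotted-quad check: rejects whitespace, colons, wildcards, hostnames,
# newlines, leading zeros and anything else tcpwrappers might interpret.
is_valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in
            ????*|0?*) return 1 ;;
        esac
        [ "$octet" -le 255 ] || return 1
    done
}

# add_entry STATE_FILE ADDRESS NOW: record a validated address once.
add_entry() {
    is_valid_ipv4 "$2" || { echo "rejected: malformed entry" >&2; return 1; }
    awk -v ip="$2" '$2 == ip { found = 1 } END { exit !found }' "$1" \
        2>/dev/null && return 0
    printf '%s %s\n' "$3" "$2" >> "$1"
}

# prune_state STATE_FILE MAX_AGE_SECONDS NOW: the ageing step; drops entries
# older than MAX_AGE_SECONDS and replaces the file in one rename.
prune_state() {
    tmp="$1.tmp.$$"
    awk -v max="$2" -v now="$3" 'now - $1 <= max' "$1" > "$tmp" && mv "$tmp" "$1"
}

# emit_rules STATE_FILE: print one deny rule per surviving entry.
# The service name "sshd" and the ": deny" option form are assumptions.
emit_rules() {
    awk '{ printf "sshd : %s : deny\n", $2 }' "$1"
}
```

Regenerating a managed block from the validated state file, rather than appending raw strings, means a malformed blacklist line is dropped before it can become a rule.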
