[blfs-dev] [blfs-book] r10486 - in trunk/BOOK: . archive gnome/core introduction/welcome multimedia/libdriv multimedia/videoutils networking/netprogs postlfs/security pst/printing pst/scanning server/databases server/mail server/major server/other xsoft/other

Ken Moffat zarniwhoop at ntlworld.com
Fri Aug 24 21:32:18 PDT 2012


On Fri, Aug 24, 2012 at 11:12:02PM -0500, Bruce Dubbs wrote:
> krejzi at linuxfromscratch.org wrote:
> > Author: krejzi
> > Date: 2012-08-01 06:04:22 -0600 (Wed, 01 Aug 2012)
> > New Revision: 10486
> >
> > Added:
> >     trunk/BOOK/archive/tcpwrappers.xml
> > Removed:
> >     trunk/BOOK/postlfs/security/tcpwrappers.xml
> 
> Armin,
> 
> I just noticed this.
> 
> Why did you remove tcpwrappers?  I recall saying I don't like it or use 
> it, but some other programs do use it.  It's mentioned in sendmail, 
> nfs-utils, vsftpd, and exim as well as xinetd which I'm restoring.
> 
> I think it's a legitimate optional dependency.  It builds OK in 7.2.
> 
>    -- Bruce
> 
 There was general agreement that it should go.  I didn't like the
decision, but there was general agreement that if arch can drop it,
so can we.  I've moved to iptables (_fun_ : that reminds me, I
must remember to fix my iptables scripts re multicast spamming the
logs) - I didn't think tcp_wrappers were a big overhead, but I have
to agree that they aren't the only way of providing that control.

 Relatedly : for iptables, why isn't it a regular script in init.d ?

And is there any interest in _different_ variants ?  e.g. on this
(7.2 :) desktop I've got rules for ssh (if I started it), tcp and
udp if established or related, loopback, dns, ntp, icmp if related -
and I should also permit multicast.

-- 
das eine Mal als Tragödie, das andere Mal als Farce



More information about the blfs-dev mailing list