[blfs-dev] [blfs-book] r10486 - in trunk/BOOK: . archive gnome/core introduction/welcome multimedia/libdriv multimedia/videoutils networking/netprogs postlfs/security pst/printing pst/scanning server/databases server/mail server/major server/other xsoft/other
zarniwhoop at ntlworld.com
Fri Aug 24 21:32:18 PDT 2012
On Fri, Aug 24, 2012 at 11:12:02PM -0500, Bruce Dubbs wrote:
> krejzi at linuxfromscratch.org wrote:
> > Author: krejzi
> > Date: 2012-08-01 06:04:22 -0600 (Wed, 01 Aug 2012)
> > New Revision: 10486
> > Added:
> > trunk/BOOK/archive/tcpwrappers.xml
> > Removed:
> > trunk/BOOK/postlfs/security/tcpwrappers.xml
> I just noticed this.
> Why did you remove tcpwrappers? I recall saying I don't like it or use
> it, but some other programs do use it. It's mentioned in sendmail,
> nfs-utils, vsftpd, and exim as well as xinetd which I'm restoring.
> I think it's a legitimate optional dependency. It builds OK in 7.2.
> -- Bruce
There was general agreement that it should go. I didn't like the
decision, but there was general agreement that if arch can drop it,
so can we. I've moved to iptables (_fun_ : that reminds me, I
must remember to fix my iptables scripts re multicast spamming the
logs) - I didn't think tcp_wrappers were a big overhead, but I have
to agree that they aren't the only way of providing that control.
Relatedly : for iptables, why isn't it a regular script in init.d ?
And is there any interest in _different_ variants ? e.g. on this
(7.2 :) desktop I've got rules for ssh (if I started it), tcp and
udp if established or related, loopback, dns, ntp, icmp if related -
and I should also permit multicast.
das eine Mal als Tragödie, das andere Mal als Farce
More information about the blfs-dev