On Wed, May 22, 2002 at 11:59:46PM +1000, Anthony Towns wrote: > TCP wrappers doesn't work for all programs. Well, that's a bug in the program. :) If you want to advocate layered security you should really require that all programs implement their own acl's in addition to any other security measures (since you don't seem to think security measures like not running the program, running the program on a disconnected system, running the program on a closed network, or relying on external firewalls are sufficient, I assumed that you were going for a full-on layered approach.) I'd argue that having the acl's in one place (hosts.allow) is better than scattering them in a million seperate config files, but something would be better than nothing. -- Mike Stone
Attachment:
pgpwA5ia3IETL.pgp
Description: PGP signature