Re: Debian openssh option review: considering splitting out GSS-API key exchange
On Tue, 2024-04-02 at 12:04 +0200, Marco d'Itri wrote:
> On Apr 02, Colin Watson <cjwatson@debian.org> wrote:
>
> > At the time, denyhosts was popular, but it was removed from Debian
> > several years ago. I remember that, when I dealt with that on my
> > own
> > systems, fail2ban seemed like the obvious replacement, and my
> > impression
> > is that it's pretty widely used nowadays; it's very pluggable but
> > it
> > normally works by adding firewall rules. Are there any similar
> > popular
> > systems left that rely on editing /etc/hosts.deny?
> Yes, people. I object to removing TCP wrappers support since the
> patch
> is tiny and it supports use cases like DNS-based ACLs which cannot be
> supported by L3 firewalls.
>
There are more than enough ways to keep the entries based on dns
records in your l3 firewalls uptodate, I can't see how this should
warrant to keep yet another patch Jan^WMarco.
--
Bernd Zeimetz Debian GNU/Linux Developer
http://bzed.de http://www.debian.org
GPG Fingerprint: ECA1 E3F2 8E11 2432 D485 DD95 EB36 171A 6FF9 435F
Reply to: