[PATCH]: Add tcp_wrappers protection to port forwarding
Chris Faylor
cgf at cygnus.com
Mon Oct 9 02:29:45 EST 2000
On Sun, Oct 08, 2000 at 04:19:13PM +0200, Markus Friedl wrote:
>On Sat, Oct 07, 2000 at 11:40:39PM +0200, Corinna Vinschen wrote:
>> + snprintf(fwd, sizeof(fwd), "sshdfwd-%d", c->host_port);
>
>i don't like this feature.
>
>should it be for -R or -L style forwarding?
Why does it matter? It should manage connections to host ports whether they
were set up with -R or -L.
In my case, I use it for -R ports.
>why should a client programm read /etc/hosts.allow?
Probably it shouldn't. I didn't know of any way to avoid this, however.
>at least it should not be the default, even if you use tcp-wrappers in sshd.
I'm not sure why. Without something like this, you have the potential for exposing
your ports to the outside world. That's why ssh.com's version added this protection,
I assume.
cgf
More information about the openssh-unix-dev
mailing list