[PATCH]: Add tcp_wrappers protection to port forwarding
Chris Faylor
cgf at cygnus.com
Fri Oct 20 14:05:01 EST 2000
On Sun, Oct 15, 2000 at 05:28:04PM +0200, Markus Friedl wrote:
>On Sun, Oct 08, 2000 at 11:29:45AM -0400, Chris Faylor wrote:
>> >why should a client programm read /etc/hosts.allow?
>>
>> Probably it shouldn't. I didn't know of any way to avoid this, however.
>
>the problem is that if you want to use -L in your client, you
>cannot, because of /etc/hosts.allow which is under control of
>the sysadmin.
AFAICT, this would only be a problem if the sysadmin specifically set up
a rule to disallow the use of the port. I just tried this with a port
that I hadn't put under hosts.allow control and there was no problem.
I don't see any harm in letting a sysadmin specify port policy like
this.
cgf
More information about the openssh-unix-dev
mailing list