Re-install libwrap in OpenSSH

Peter Stuge peter at stuge.se
Thu May 21 01:18:35 AEST 2015


Stephan von Krawczynski wrote:
> Are you already preparing for having no arguments?

I pointed out that your style of communication makes you look bad so
that next time when you want something you can try to avoid risking
that, because looking bad is sufficient for lots of people to ignore
you, regardless of technical merits.


> > The rationale is that firewall rules can replace libwrap
> 
> Show me this as an example of your firewall skills and replace this
> hosts.allow entry:
> 
> sshd: .... : spawn (echo -e "%u@%h[%a] on `/bin/date`" to %d connected me |
> /bin/mail -s "hosts.allow entry XYZ" root) & : ALLOW

Linux netfilter has a nice ULOG target which can be used with a
program much smaller than libwrap to accomplish the essential
functionality above. I used ULOG for the first time somewhere
between 7 and 10 years ago so it has been around for a while.
But that's of course off-topic for this list, so let's stop here.

What's on-topic is that firewalls are indeed able to replace the
functionality.


//Peter


More information about the openssh-unix-dev mailing list