Lew Wolfgang wrote:
I remember reading that tcpwrappers is now deprecated.
Sadly, that code has been left to rot and as from 13.2 has been dropped by openSUSE: even the man pages have disappeared, although openSUSE still uses it with some packages, e.g. nut. Lew Wolfgang also wrote:
There are apparently vastly superior ways to control remote access these days. It's well known that iptables is much easier to understand and configure safely than hosts.allow and hosts.deny.
(do I need a smiley?)
You certainly do after making such a claim. iptables is on a par with sendmail for configuration complexity, whereas TCP wrappers as originally written by Wietse Venema in 1990 was a simple declarative approach. On Mon, 14 Nov 2016, Carlos E. R. wrote:
I'm not proficient enough on Iptables to write my own rules, I use SuSEfirewall2 instead. How would I create entries in that file equivalent to host.allow/deny entries?
I was a keen user of /etc/hosts.allow and faced the same problem when SSH abandoned TCP Wrappers. I wrote a Bash script to convert the hosts.allow rules to ipsets, and to provide the glue function for iptables. The documentation and download are at http://rogerprice.org/hosts.allow/ The script covers most but not all of TCP Wrappers. For example it will forbid all traffic from a ccTLD such as ".fr" but it is not possible to specify domains directly as ".gouv.fr". The script has been tested with sets of up to 150000 IPv4 sub-nets. Health and Safety Warning: The use of custom extensions to the SUSE firewall SuSEfirewall2 is not supported by SUSE. Roger -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org