Roger Price wrote:
I was a keen user of /etc/hosts.allow and faced the same problem when SSH abandoned TCP Wrappers. I wrote a Bash script to convert the hosts.allow rules to ipsets, and to provide the glue function for iptables. The documentation and download are at http://rogerprice.org/hosts.allow/
Roger, I'd like to add a comment to a bit of that article:
Since that release users of TCP wrappers must now look for other means of securing services such as openssh. A common response is to say "Use the iptables firewall",
Personally I have never used hosts.{allow,deny} to secure any sshd service. I find these two are much better and much more effective methods: a) use a public/private key setup. b) change the ssh port. Just my opinion. -- Per Jessen, Zürich (3.1°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org