Date: Wed, 25 Oct 2006 10:59:01 -0400 (EDT) From: "Brian A. Seklecki" <lavalamp@spiritual-machines.org> To: Alex Zbyslaw <xfb52@dial.pipex.com> Cc: =?UTF-8?B?0KDQuNGF0LDQtCDQk9Cw0LTQttC40LXQsg==?= <rihad@mail.ru>, freebsd-questions@freebsd.org Subject: Re: tcpwrappers & SSH Message-ID: <20061025105710.N63561@arbitor.digitalfreaks.org> In-Reply-To: <453F62E1.5090506@dial.pipex.com> References: <E1GcdoI-000MsQ-00.rihad-mail-ru@f48.mail.ru> <453F62E1.5090506@dial.pipex.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. --0-1784420763-1161788341=:63561 Content-Type: TEXT/PLAIN; charset=iso-8859-1; format=flowed Content-Transfer-Encoding: 8BIT On Wed, 25 Oct 2006, Alex Zbyslaw wrote: > Рихад Гаджиев wrote: > >> A comment in /etc/hosts.allow states that: >> Wrapping sshd(8) is not normally a good idea With tcpwrappers, you still have to open a socket and burn cycles/ram/resources on the 3-way, followed by a quick RST. With pf(4), you can maintain a hash list on a L4 block rule and it's much more efficient. No RST needed. ~BAS --0-1784420763-1161788341=:63561--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20061025105710.N63561>