Date:      Wed, 6 Aug 1997 06:54:27 -0600 (MDT)
From:      Marc Slemko <marcs@znep.com>
To:        John Fieber <jfieber@indiana.edu>
Cc:        ports@FreeBSD.ORG
Subject:   Re: Major bogon in tcp_wrappers port.
Message-ID:  <Pine.BSF.3.95.970806065204.9408D-100000@alive.znep.com>
In-Reply-To: <Pine.BSF.3.96.970805203711.17562h-100000@fallout.campusview.indiana.edu>

On Tue, 5 Aug 1997, John Fieber wrote:

> On Tue, 5 Aug 1997, Satoshi Asami wrote:
> 
> > (Asbestos suit removed)
> > 
> >  * _*PRETTY_PLEASE*_ can't we bring this into the "core" FreeBSD?
> >  * 
> >  * With all the squealing about security, IMHO it is silly not to.
> > 
> > I have no problem with the general principle stated above.  I don't
> > know anything about the actual working of tcp_wrapper, so I'll refrain 
> > from commenting on this specific case.
> 
> I just installed it and it appears to be basically transparent
> unless you set up a hosts.allow and/or hosts.deny file---similar
> to the login.access functionality of login.  It does send more
> stuff about connections to syslog, but with the default
> syslog.conf, I don't think any of it actually gets recorded.

IMHO, it should log things to auth (not sure what the current port does)
and auth should go somewhere like /var/log/auth.  But that's neither here
nor there...

I think it is a good idea, but be cautious; it is often compiled to be
picky about mismatching DNS.  Not sure how the port is compiled, but if
you do compile it that way you need to be careful that you are either
prepared for a zillion people with broken DNS whining or to disable that
feature.  I like that feature, but I have a clue.
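
An added illustration, not part of the original message and not tcp_wrappers code: a simplified model of the name/address consistency check behind "picky about mismatching DNS", following the behaviour hosts_access(5) documents for builds with -DPARANOID. The DNS tables, addresses and function names are constructed for the example.

```python
# Simplified model of the double DNS lookup; constructed data, not real records.
PTR = {  # address -> name (reverse lookup)
    "192.0.2.10": "good.example.org",
    "192.0.2.20": "mismatch.example.org",
    "192.0.2.30": "dangling.example.org",
}
A = {  # name -> addresses (forward lookup)
    "good.example.org": ["192.0.2.10"],
    "mismatch.example.org": ["198.51.100.7"],  # forward record points elsewhere
    # dangling.example.org has a PTR but no forward record at all
}


def check_client(addr, reverse=PTR.get, forward=lambda name: A.get(name, [])):
    """Return (verdict, name) for a connecting address.

    "unknown":  no reverse record, so there is no name to verify
    "paranoid": the name does not resolve back to the connecting address
    "ok":       forward and reverse lookups agree
    """
    name = reverse(addr)
    if name is None:
        return ("unknown", None)
    if addr not in forward(name):
        return ("paranoid", name)
    return ("ok", name)


def decide(addr, built_paranoid):
    """Model the build-time choice discussed in the message.

    With the strict build, a mismatching client is dropped before the
    access tables are read. Otherwise the rules decide, and a rule may
    still match such clients with the PARANOID wildcard.
    """
    verdict, _ = check_client(addr)
    if verdict == "paranoid" and built_paranoid:
        return "drop"
    return "rules"


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.99"):
        print(ip, check_client(ip), decide(ip, True), decide(ip, False))
```

Clients whose forward record is missing or stale land in the "paranoid" case even though nothing hostile is happening, which is the population of broken-DNS users the message warns about.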
