On Tue, 2024-04-02 at 12:04 +0200, Marco d'Itri wrote: > On Apr 02, Colin Watson <cjwat...@debian.org> wrote: > > > At the time, denyhosts was popular, but it was removed from Debian > > several years ago. I remember that, when I dealt with that on my > > own > > systems, fail2ban seemed like the obvious replacement, and my > > impression > > is that it's pretty widely used nowadays; it's very pluggable but > > it > > normally works by adding firewall rules. Are there any similar > > popular > > systems left that rely on editing /etc/hosts.deny? > Yes, people. I object to removing TCP wrappers support since the > patch > is tiny and it supports use cases like DNS-based ACLs which cannot be > supported by L3 firewalls. >
There are more than enough ways to keep the entries based on dns records in your l3 firewalls uptodate, I can't see how this should warrant to keep yet another patch Jan^WMarco. -- Bernd Zeimetz Debian GNU/Linux Developer http://bzed.de http://www.debian.org GPG Fingerprint: ECA1 E3F2 8E11 2432 D485 DD95 EB36 171A 6FF9 435F
