Re: Do we have a filter that behaves like libwrap.so?

Tue, 20 Nov 2007 00:09:45 -0800 

Hi Alex,

I think what you're asking for is two things:
- A filter that has whitelist as well as blacklist capabilities (definitely useful). - Something external to the filter that can read the allow/deny and manipulate the filter with new values as required. 


This way the filter itself can be in core and can remain fairly simple, 
and there could be a an optional package for unix integration which has 
the functionality to read the hosts files. 

On another note, the thread safety in BlacklistFilter might not be 
correct.  The blacklist collection is accessed by both synchronized and 
non synchronized methods.


Cheers,
Brad.

Alex Karasulu wrote:

See I'm just trying to think of ways in which better UNIX integration
can be optionally incorporated.  Another thing I like is logging to
/var/log/secure which get's picked up by things like DenyHosts to
feedback into these primitive access lists.

I was thinking about how to do this for ApacheDS but it seemed to me
like it might benefit more than just LDAP.  It's something that might
benefit several protocols that run on *NIX systems.

Perhaps this is unnecessary don't know.  Hence the request for feedback.

Alex

On Nov 19, 2007 8:44 PM, Alex Karasulu <[EMAIL PROTECTED]> wrote:

  

Right that's what I thought.

Does anyone think it would it be worth adding some pluggable means to
load the blacklisted IPs from files with the same format?

Alex


On Nov 19, 2007 8:39 PM, Mark <[EMAIL PROTECTED]> wrote:

    

I would say that the BlacklistFilter is much like /etc/hosts.deny.  We do
not have a filter that mimics the functionality of /etc/hosts.allow




On Nov 19, 2007 8:32 PM, Alex Karasulu <[EMAIL PROTECTED]> wrote:


      

Hi guys,

I know we have a blacklist filter but does anyone know if a tcp
wrappers like filter has been written for MINA which uses
/etc/hosts.allow and /etc/hosts deny files or something similar?

Thanks,
Alex


        


--
--------------------------------
The adjuration to be "normal" seems shockingly repellent to me; I see
neither hope nor comfort in sinking to that low level. I think it is
ignorance that makes people think of abnormality only with horror and allows
them to remain undismayed at the proximity of "normal" to average and
mediocre. For surely anyone who achieves anything is, essentially, abnormal.
    Dr. Karl Menninger


      



  






















					Reply via email to