Florian Weimer wrote: > * Michael Ströder: > >> Hmm, I will drop it since the same functionality can be easily achieved on >> this platform by using local kernel firewall. > > The DNS-based access rules are not available as part of the kernel > firewall. Good point. > For some odd reasons, a lot of people think this > tcpwrappers feature is insecure, Me too. ;-) > but it seems a rather convenient way > to get *additional* security in cases where you have proper reverse > lookup (with matching forward lookup) and fragmented address space > that does not lend itself easily to writing access rules. But it adds two additional DNS lookups to the game. > But as I said, this goes against accepted wisdom, so these additional > filters probably don't make it through security audits, and carrying > along this support at the tool level does not make much sense anymore: > > <https://lists.fedoraproject.org/pipermail/devel/2014-March/196913.html> Thanks for the link to this interesting discussion. Ciao, Michael.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature