Are TCP wrappers obsolete ?

Brandon Vincent Brandon.Vincent at
Sat Jun 28 17:58:59 UTC 2014

On Sat, Jun 28, 2014 at 8:37 AM, Niki Kovacs <info at> wrote:
> Hi,
> I wonder if /etc/hosts.allow and /etc/hosts.deny are becoming obsolete. As
> far as I can tell (correct me if I'm wrong), they don't serve any practical
> purpose.
> 1. The services actually protected by TCP wrappers are only a handful.
> 2. Nothing in here that iptables couldn't do anyway.
> What's the guru's take on this?
> Cheers,
> Niki

TCP wrapper is not a substitute for a proper host-based firewall. The
code was originally written in 1990 in an era where host-based
firewalls really didn't exist.

As you pointed out, a good deal of daemons are not linked against
libwrap, emphasizing its depreciation. Upstream changes to libwrap
haven't been made since 1997.

Distributions like Arch have actually dropped TCP wrapper support
completely. So yes in short, TCP wrapper is dead, use iptables

Brandon Vincent

More information about the ubuntu-users mailing list