Are TCP wrappers obsolete?
Brandon Vincent
Brandon.Vincent at asu.edu
Sat Jun 28 17:58:59 UTC 2014
On Sat, Jun 28, 2014 at 8:37 AM, Niki Kovacs <info at microlinux.fr> wrote:
> Hi,
>
> I wonder if /etc/hosts.allow and /etc/hosts.deny are becoming obsolete. As
> far as I can tell (correct me if I'm wrong), they don't serve any practical
> purpose.
>
> 1. The services actually protected by TCP wrappers are only a handful.
>
> 2. Nothing in here that iptables couldn't do anyway.
>
> What's the guru's take on this?
>
> Cheers,
>
> Niki

TCP wrapper is not a substitute for a proper host-based firewall. The
code was originally written in 1990 in an era where host-based
firewalls really didn't exist.

As you pointed out, a good deal of daemons are not linked against
libwrap, emphasizing its deprecation. Upstream changes to libwrap
haven't been made since 1997.

Distributions like Arch have actually dropped TCP wrapper support
completely. So yes, in short, TCP wrapper is dead; use iptables
instead.

Brandon Vincent
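
Added example, not part of the original message or of any project's code: a sketch of moving existing /etc/hosts.allow entries to iptables rules, flagging every pattern that has no faithful iptables equivalent instead of guessing. The daemon-to-port map, the sample file content, the assumption of plain `daemon: clients` lines with no option field, and the assumption that hosts.deny contains `ALL: ALL` (hence the trailing DROP rules) are all assumptions of this example.

```python
import ipaddress

# Assumed daemon -> TCP port map (not from the post); adjust per host.
DAEMON_PORTS = {"sshd": 22, "vsftpd": 21, "in.telnetd": 23}

# Constructed sample /etc/hosts.allow content.
SAMPLE_HOSTS_ALLOW = """\
sshd: 192.168.1. 10.0.0.0/255.255.255.0   # admin LAN and VPN
vsftpd: ALL
in.telnetd: .example.com
sshd: ALL EXCEPT 203.0.113.7
"""

def client_to_source(pattern):
    """Return an iptables -s value, "" for ALL, or None if the pattern
    (hostname, domain suffix, LOCAL, ...) has no faithful equivalent."""
    if pattern == "ALL":
        return ""
    if pattern.endswith("."):  # "192.168.1." means the 192.168.1.0/24 prefix
        octets = pattern.rstrip(".").split(".")
        pattern = ".".join(octets + ["0"] * (4 - len(octets))) + f"/{8 * len(octets)}"
    try:
        return str(ipaddress.ip_network(pattern, strict=False))
    except ValueError:
        return None

def translate(hosts_allow):
    """Return (iptables commands, skipped (daemon, client) pairs)."""
    rules, skipped, ports = [], [], []
    for raw in hosts_allow.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        daemons, clients = (part.split() for part in line.replace(",", " ").split(":")[:2])
        for daemon in daemons:
            port = DAEMON_PORTS.get(daemon)
            for client in clients:
                src = client_to_source(client)
                # EXCEPT changes the meaning of the whole list: never guess.
                if port is None or src is None or "EXCEPT" in clients:
                    skipped.append((daemon, client))
                    continue
                rules.append(f"iptables -A INPUT -p tcp --dport {port}"
                             + (f" -s {src}" if src else "") + " -j ACCEPT")
                if port not in ports:
                    ports.append(port)
    # Assumed hosts.deny of "ALL: ALL": drop whatever was not accepted above.
    rules += [f"iptables -A INPUT -p tcp --dport {p} -j DROP" for p in ports]
    return rules, skipped
```

Everything returned in the skipped list needs a manual decision before hosts.allow is retired, since dropping those entries silently would change who can reach the service.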