Re: Limit the number of erroneous logins of root from the same IP



On Tue, 22 Nov 2011, in the Usenet newsgroup alt.os.linux.redhat, in article
<wpUyq.280$g35.49@xxxxxxxxxxxx>, unruh wrote:

tcp_wrappers has some nice features, but it's been unmaintained for
close to 14 years. The firewall code is part of the kernel, and is
under on-going development.

And Wietze refuses to fix bugs.

In a minor way, I can understand that. 'tcp_wrappers' was created
a long time ago, and firewalls weren't as common or as easily
administered. As such, tcp_wrappers had a place. Today, much of
the Internet still relies on TCP, but now we're talking IPv6 as well.
The features in tcp_wrappers are nice - I like the idea of being able
to block hosts that don't resolve both ways by using a single keyword.
On the other hand, depending on '/usr/sbin/tcpd' or the applications
being compiled with 'libwrap' is a shortcoming. Even the change from
inetd to xinetd broke tcpdcheck and tcpdmatch, and that's never been
fixed. In truth, I no longer depend on tcp_wrappers. In general,
a firewall can do things better once you grok firewall configuration
tools (which of course, differ in each distribution).

Old guy
.



Relevant Pages

  • Re: natd starting after firewall rules are loaded
    ... that I did, in fact, build the kernel with several firewall options, ... kernel and built it, and, since divert is already there, the firewall ... Once the system is up, i can ipfw list and the divert command is, ...
    (freebsd-net)
  • [patch] move ipfw logging to after syslogd
    ... We have a problem that on our busy firewalls, a boot and shutdown ... can be delayed by up to 20 minutes by the kernel printing log ... most kernel activity appears to be suspended by outputting ipfw ... echo 'Firewall rules loaded.' ...
    (freebsd-current)
  • Re: Linux firewall on P166
    ... Which is it, ipchains or iptables? ... gives you a much stronger firewall. ... It's difficult to do much with 4MB RAM, ... > of a specially-tailored kernel. ...
    (comp.security.firewalls)
  • Re: Linux firewall on P166
    ... Which is it, ipchains or iptables? ... gives you a much stronger firewall. ... It's difficult to do much with 4MB RAM, ... > of a specially-tailored kernel. ...
    (comp.os.linux.networking)
  • Firewall-easy setup difficulties
    ... I'm using debian unstable, 2.6.7 kernel. ... kernel support ... NO ipchains list, firewall kernel support? ... HOME USER CONFIG ...
    (Debian-User)