Re: Limit the number of erroneous logins of root from the same IP



On Tue, 22 Nov 2011, in the Usenet newsgroup alt.os.linux.redhat, in article
<wpUyq.280$g35.49@xxxxxxxxxxxx>, unruh wrote:

tcp_wrappers has some nice features, but it's been unmaintained for
close to 14 years. The firewall code is part of the kernel, and is
under on-going development.

And Wietze refuses to fix bugs.

In a minor way, I can understand that. 'tcp_wrappers' was created
a long time ago, and firewalls weren't as common or as easily
administered. As such, tcp_wrappers had a place. Today, much of
the Internet still relies on TCP, but now we're talking IPv6 as well.
The features in tcp_wrappers are nice - I like the idea of being able
to block hosts that don't resolve both ways by using a single keyword.
On the other hand, depending on '/usr/sbin/tcpd' or the applications
being compiled with 'libwrap' is a shortcoming. Even the change from
inetd to xinetd broke tcpdcheck and tcpdmatch, and that's never been
fixed. In truth, I no longer depend on tcp_wrappers. In general,
a firewall can do things better once you grok firewall configuration
tools (which of course, differ in each distribution).

Old guy
.