Florian Pritz wrote:
> On 16.07.2011 21:09, Grigorios Bouzakis wrote:
>> Dan McGee wrote:
>>> Dropping tcp_wrappers support
>>>
>>> Due to upstream not having released a new version since April 1997, we=
>
>>> are dropping `tcp_wrappers` support from all packages and removing the=
>
>>> package fro
On Sat 16 Jul 2011 15:47 -0500, Peggy Wilkins wrote:
> On Sat, Jul 16, 2011 at 3:23 PM, Ionut Biru wrote:
> > On 07/16/2011 08:06 PM, Peggy Wilkins wrote:
> >>
> >> The annoucement suggests that a major reason for dropping support is
> >> that it is "confusing" to end users. An easy solution to t
On 16-07-2011 18:13, Andrea Scarpino wrote:
> Technically this is what we did: without tcp_wrappers every input is accepted
> now.
I'd say that if not using iptables most input was already being accepted
anyway so not supporting tcp_wrappers at all will make users more aware
of what is allowed i
On Sat, Jul 16, 2011 at 3:58 PM, Thomas Bächler wrote:
>
> Anyway, sshd can be configured to deny connections depending on the
> host, you don't need tcp_wrappers for that.
The cost of that solution is requiring sshd restart every time one
wanted to modify access. Not the end of the world though
On Sat, Jul 16, 2011 at 3:04 PM, Thomas Bächler wrote:
> Am 16.07.2011 23:00, schrieb Richard Ullger:
> > What do the devs intend to do with packages that depend on tcp_wrapper
> > such as syslog-ng, xinetd and esound which is a dependency of gstreamer?
> >
> > Richard.
>
> None of those depends o
Am 16.07.2011 23:00, schrieb Richard Ullger:
> What do the devs intend to do with packages that depend on tcp_wrapper
> such as syslog-ng, xinetd and esound which is a dependency of gstreamer?
>
> Richard.
None of those depends on tcp_wrappers.
signature.asc
Description: OpenPGP digital signat
What do the devs intend to do with packages that depend on tcp_wrapper
such as syslog-ng, xinetd and esound which is a dependency of gstreamer?
Richard.
signature.asc
Description: This is a digitally signed message part
Am 16.07.2011 21:51, schrieb Peggy Wilkins:
> I have nothing to say against iptables and other full firewall
> solutions. However, for my part running a number of desktops for
> other people at work with only sshd as a service, tcp wrappers plus
> denyhosts (plus disabling password authentication
On Sat, Jul 16, 2011 at 3:23 PM, Ionut Biru wrote:
> On 07/16/2011 08:06 PM, Peggy Wilkins wrote:
>>
>> The annoucement suggests that a major reason for dropping support is
>> that it is "confusing" to end users. An easy solution to that is to
>> make a default hosts.allow file that says "ALL : A
On 07/16/2011 09:51 PM, Peggy Wilkins wrote:
On Sat, Jul 16, 2011 at 1:42 PM, Thomas S Hatch wrote:
In the end, I tell people that using tcp_wrappers is unnecessary and unwise,
iptables is VERY powerful, and once you understand how rules are constructed
and parsed it is an easy and manageable
On 07/16/2011 08:06 PM, Peggy Wilkins wrote:
I am an end user who is very unhappy about the removal of this option.
I didn't even know dropping tcp_wrappers was under consideration; had
I known that I would have spoken up with my vote against removing
support.
The annoucement suggests that a m
On Sat, Jul 16, 2011 at 8:42 PM, Thomas S Hatch wrote:
> Mind if I try to clear a few things up here?
Thanks for the very understandable explanation!
Cheers,
Tom
On Sat, Jul 16, 2011 at 1:42 PM, Thomas S Hatch wrote:
> In the end, I tell people that using tcp_wrappers is unnecessary and unwise,
> iptables is VERY powerful, and once you understand how rules are constructed
> and parsed it is an easy and manageable solution.
I have nothing to say against i
On 16.07.2011 21:09, Grigorios Bouzakis wrote:
> Dan McGee wrote:
>> Dropping tcp_wrappers support
>>
>> Due to upstream not having released a new version since April 1997, we
>> are dropping `tcp_wrappers` support from all packages and removing the
>> package from `[core]`. In addition, newer daem
Dan McGee wrote:
> Dropping tcp_wrappers support
>
> Due to upstream not having released a new version since April 1997, we
> are dropping `tcp_wrappers` support from all packages and removing the
> package from `[core]`. In addition, newer daemons and applications are
> inconsistent in their suppo
Mind if I try to clear a few things up here?
1. Yes Andrea, your iptables rules will most likely not achieve the desired
effect, as placing the REJECT on the top will REJECT traffic before it gets
to the ACCEPT.
2. tcp_wrappers is old and logically %100 redundant with a subset of the
features of i
On Sat, Jul 16, 2011 at 7:32 PM, Vic Demuzere wrote:
> On 16 July 2011 19:22, Andrea Scarpino wrote:
>>
>> old hosts.allow:
>> sshd: 192.
>> ntfs: 192.
>>
>> iptables:
>> -A INPUT -j REJECT
>> -A INPUT -p tcp -s 192.168.0.0/24 --dport ssh -j ACCEPT
>> -A INPUT -p tcp -s 192.168.0.0/24 --dport nfs
On Sat, Jul 16, 2011 at 5:36 PM, Joe(theWordy)Philbrook wrote:
> myhost login: jtwd
> NTP: adjust RTC [012.001]yp
> Password:
>
> Or some such thing. So unless the ntpd called from rc.local is NOT supposed
> to leave a message on tty1, I don't think that's a bug.
Ah, I see. That's
Am 16.07.2011 19:41, schrieb Andrea Scarpino:
> On 16 July 2011 19:32, Vic Demuzere wrote:
>> So, you're saying that those 4 lines are easier than the 2 short ones
>> in hosts.allow? Ah well, I'll have to learn to write iptables scripts
>> then, I suppose.
> I mean its more intuitive in that way,
On 16 July 2011 19:32, Vic Demuzere wrote:
> So, you're saying that those 4 lines are easier than the 2 short ones
> in hosts.allow? Ah well, I'll have to learn to write iptables scripts
> then, I suppose.
I mean its more intuitive in that way, you've more power on what is
accepted and what isn't.
On 16 July 2011 19:22, Andrea Scarpino wrote:
>
> old hosts.allow:
> sshd: 192.
> ntfs: 192.
>
> iptables:
> -A INPUT -j REJECT
> -A INPUT -p tcp -s 192.168.0.0/24 --dport ssh -j ACCEPT
> -A INPUT -p tcp -s 192.168.0.0/24 --dport nfs -j ACCEPT
> -A INPUT -p udp -s 192.168.0.0/24 --dport nfs -j ACC
On Saturday 16 July 2011 19:09:47 Vic Demuzere wrote:
> I also use the hosts.allow and hosts.deny files. It's a shame that support
> for them will be removed. It's easier than iptables.
I find iptables more easier, and intuitive.
old hosts.allow:
sshd: 192.
ntfs: 192.
iptables:
-A INPUT -j REJECT
On 07/16/2011 07:09 PM, Vic Demuzere wrote:
I also use the hosts.allow and hosts.deny files. It's a shame that support
for them will be removed. It's easier than iptables.
But it's not the same as iptables. If you're running a server, you would
like to use iptables.
Anyway if you really want to
On Saturday 16 July 2011 12:06:34 Peggy Wilkins wrote:
> The annoucement suggests that a major reason for dropping support is
> that it is "confusing" to end users. An easy solution to that is to
> make a default hosts.allow file that says "ALL : ALL : ALLOW" out of
> the box. Then those of use
I also use the hosts.allow and hosts.deny files. It's a shame that support
for them will be removed. It's easier than iptables.
--
v...@demuzere.be :: http://vic.demuzere.be :: PGP: 0x6690CF94
My software never contains bugs, it just develops random features.
Sent from my phone, please excuse my
I am an end user who is very unhappy about the removal of this option.
I didn't even know dropping tcp_wrappers was under consideration; had
I known that I would have spoken up with my vote against removing
support.
The annoucement suggests that a major reason for dropping support is
that it is "
On Sat, Jul 16, 2011 at 11:36:45AM -0400, Joe(theWordy)Philbrook wrote:
>
> It would appear that on Jul 12, Tom Gundersen did say:
>
It would appear that your pre-quotation messages are annoying.
[snip]
> Actually I wouldn't notice the adjustment at all except that certain
> system messages put
It would appear that on Jul 12, Tom Gundersen did say:
> On Jul 12, 2011, at 15:18, "Joe(theWordy)Philbrook" wrote:
> > Whereas If I put "ntpd -qg &"
> > in rc.local there is sometimes enough time to type my username before the
> > NTP based time adjustment can be seen to occur..
>
> Yes, ntpd
It would appear that on Jul 13, C Anthony Risinger did say:
> On Jul 12, 2011 8:19 AM, "Joe(theWordy)Philbrook" wrote:
>
>
>
> Dude ... just set UTC and forget about it ... forever :-)
>
> The wisdom of others frees time to build more wisdom of self.
Dde ... If my personality type
Hmm. That would explain. I tried to install switch from cpan. This works,but
installation fails elsewhere on other perl modules
sent from mobile phone
Dne 16.7.2011 13:16 "Jelle van der Waa" napsal(a):
> On 07/16/2011 01:17 AM, Ángel Velásquez wrote:
>> 2011/7/15 Jelle van der Waa:
>>> On 07/16/2
On 07/16/2011 01:17 AM, Ángel Velásquez wrote:
2011/7/15 Jelle van der Waa:
On 07/16/2011 12:14 AM, dejfson wrote:
Hi All,
has anyone success to compile CM7 under Archlinux? I'm new to Arch, before
user of Gentoo, so I'm still in learning phase.
In my case the issue seems to be missing perl's
31 matches
Mail list logo
