On Tue, 2 Apr 2024 01:30:10 +0100, Colin Watson <cjwat...@debian.org> wrote: >We carry a patch to restore support for TCP wrappers, which was dropped >in OpenSSH 6.7 (October 2014); see >https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-April/032497.html >and thread. That wasn't long before the Debian 8 (jessie) freeze, and >so I patched it back in "temporarily", but then I dropped the ball on >organizing a proper transition.
Please don't drop the mechanism that saved my¹ unstable installations from being vulnerable to the current xz-based attack. Just having to dump an ALL: ALL into /etc/hosts.deny is vastly easier than having to maintain a packet filter. Greetings Marc ¹ and probably thousands others -- ---------------------------------------------------------------------------- Marc Haber | " Questions are the | Mailadresse im Header Rhein-Neckar, DE | Beginning of Wisdom " | Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 6224 1600402
