On Saturday 09 November 2019 14:01:11 Jonathan Dowland wrote: > On Fri Nov 8, 2019 at 10:55 PM Gene Heskett wrote: > > unforch, reinstalling apache2 is not a workable situation because it > > was built for the repos w/o libwrappers support. Dumb and forces me > > to run iptables to block the bots that are DDOSing my site. > > Blocking malicious connections with iptables is a *better* solution > than with libwrappers. With libwrappers, your application (apache2) is > still having to do some connection management, even though you're > going to reject the connection. It's still at risk of exploitation if > there's a bad actor and a known vulnerability. iptables does it job > before apache2 even sees the connection. And is far, far more > flexible. > > At this point libwrappers is more of a historical curiosity than an > actively used and developed tool for filtering.
Being more than somewhat behind the times, I've now got that figured out. Thanks Jonathan. Cheers, Gene Heskett -- "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) If we desire respect for the law, we must first make the law respectable. - Louis D. Brandeis Genes Web page <http://geneslinuxbox.net:6309/gene>
