On 09.01.2015 23:16, Pasi Kärkkäinen wrote: > Hello, > > I recently noticed Debian/Ubuntu has had support for "aclexec" in > tcp_wrappers via a custom patch since 2006, > so you can do this in /etc/hosts.allow or hosts.deny: > > sshd: ALL: aclexec /usr/local/bin/sshfilter.sh %a > > if sshfilter.sh returns true the access is allowed, if sshfilter.sh returns > false the access is denied. > Very handy for integrating DNS RBLs and other IP databases etc. > > What do people feel about that? I'd like to see support for aclexec included > in Fedora's tcp_wrappers package.
seems a bit pointless to add this now considering this bit from the OpenSSH 6.7 release notes: http://lwn.net/Articles/615173/ * sshd(8): Support for tcpwrappers/libwrap has been removed. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
