tcpwrappers & SSH
Brian A. Seklecki
lavalamp at spiritual-machines.org
Wed Oct 25 14:59:11 UTC 2006
On Wed, 25 Oct 2006, Alex Zbyslaw wrote:
> òÉÈÁÄ çÁÄÖÉÅ× wrote:
>> A comment in /etc/hosts.allow states that:
>> Wrapping sshd(8) is not normally a good idea
With tcpwrappers, you still have to open a socket and burn
cycles/ram/resources on the 3-way, followed by a quick RST.
With pf(4), you can maintain a hash list on a L4 block rule and it's much
more efficient. No RST needed.
More information about the freebsd-questions