tcpwrappers & SSH

Brian A. Seklecki lavalamp at
Wed Oct 25 14:59:11 UTC 2006

On Wed, 25 Oct 2006, Alex Zbyslaw wrote:

> òÉÈÁÄ çÁÄÖÉÅ× wrote:
>> A comment in /etc/hosts.allow states that:
>> Wrapping sshd(8) is not normally a good idea

With tcpwrappers, you still have to open a socket and burn 
cycles/ram/resources on the 3-way, followed by a quick RST.

With pf(4), you can maintain a hash list on a L4 block rule and it's much 
more efficient.  No RST needed.


More information about the freebsd-questions mailing list