[Bug 280440] security/openssh-portable: tcpwrappers no longer works with spawning processes

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 280440] tcpwrappers no longer works with spawning processes in openssh-portable"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 28 Oct 2024 17:41:59 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280440

--- Comment #5 from mike@sentex.net ---
Note, For my use case I worked around the issue. I had a few customers where
geofencing was a requirement and hooked in ACLs another way that actually is
much more flexible. However, I would not be surprised if I was the last person
on the planet using tcp_wrappers to make use of this old feature.  I think the
redesign to separate ssh sessions broke the previous patch, so more work than a
few tweaks are probably needed.  If someone wants to close the ticket and just
declare tcp_wrappers no longer supported fully, I would be fine with it. 

[1] I have a small golang daemon listening in on pflog0 looking for a provided
pf rule match. It then hands the IP off to a shell script that decides on a
number of criteria (country, reputation list etc) and either does nothing or
adds the IP to a block table and kills the existing state.

-- 
You are receiving this mail because:
You are the assignee for the bug.