Date: Tue, 25 Feb 2014 12:29:32 +0200 From: Alexander Motin <mav@FreeBSD.org> To: Eugene Grosbein <eugen@grosbein.net>, d@delphij.net Cc: freebsd-net@freebsd.org, Xin Li <delphij@delphij.net> Subject: Re: rpcbind & TCP wrappers Message-ID: <530C708C.9060107@FreeBSD.org> In-Reply-To: <530C0B82.8070303@grosbein.net> References: <530B996F.4060100@FreeBSD.org> <530BA819.1080400@delphij.net> <530C0B82.8070303@grosbein.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On 25.02.2014 05:18, Eugene Grosbein wrote: > On 25.02.2014 03:14, Xin Li wrote: > >> By the way we need to be careful when changing the defaults, or it >> creates astonishment (tcpwrap are supposed to work without restarting >> the service) but I think this is probably a pain we have to face if we >> can't make TCP wrappers to work faster. > > We can't? > > What if we make libwrap cache and check hosts.allow/hosts.deny modification times early > and just skip if it was not modified since last check? Skip what? Configuration can be not trivial, and we can't know what exactly you can or can not cache. Even if we skip just file read, we still have to process it all, but that requires time too. Do we really want/need another firewall there? -- Alexander Motin
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?530C708C.9060107>