[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFC: terminate init script when service is ready

On Sun, Aug 19, 2012 at 09:12:00AM +0200, Marc Haber wrote:
> On Sat, 18 Aug 2012 18:44:10 +0200, Bastian Blank <waldi@debian.org>
> wrote:
> >Not sure about radvd, but it needs more than existing interfaces?
> It chokes when the Interface changes after it was started, causing
> very hard to debug connectivity outages.

radvd runs on routers, which are not subject to SLAAC. So no dynamic
changes, only changes by the admin.

> >apache and sshd can listen on ::.
> Configuring software to listen on all interfaces/IP is an unacceptable
> solution, since it means losing significant functionality and/or
> security.

Listening on a specific address is no security feature. Even if Linux
will not response to neighbor discoveries on an interface without the
particular address configured, it will answer to other protocols.

You can use setsockopt(SO_BINDTODEVICE) to force a service on a
particular interface.


Peace was the way.
		-- Kirk, "The City on the Edge of Forever", stardate unknown

Reply to: