Re: Fw: Can a daemon listen only on some interfaces?

On Sat, Dec 08, 2001 at 11:57:51PM +0100, Guido Hennecke wrote:
> At 08.12.2001, Phillip Hofmeister wrote:
> > grr...forgot to reply to list...
> It was not necessary because...
> > From: Phillip Hofmeister <plhofmei@svsu.edu>
> > > OR....you could use IPCHAINS or IPTABLES to REJECT (or DENY) the interface
> > > on that port....
> > > From: Guido Hennecke <g.hennecke@t-online.de>
> [...]
> > > > But it is possible to use a packet filter and configure it so that packets
> > > > for an interface must come in over the target interface.
> Your quoting sucks!
OK, now now - no fighting.

I do already have a packet filtering firewall (iptables) and everything
is blocked from the internet side except ssh.  I did mention this in my
first post.

I was just trying to go the extra mile in terms of security by making
sure everything unnecessary was turned off and those that were necessary
were only listening on the interfaces I need them to.

And thanks for all the replies.  In fact I was most interested to hear
that you could not make daemons listen on only one interface but you
could make them bind to an IP address range.  I guess that is what I
achieved in my postfix main.cf file with the line:
inet_interfaces = localhost
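
Added example, not part of the original message: one way to check which addresses daemons are actually bound to, by classifying each listening socket as wildcard, loopback or a specific address. The sample is constructed text in the format of `ss -H -ltn`; the function names and the allow-list of ports that may listen on all addresses (only ssh here) are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample in the format of `ss -H -ltn`
# (columns: State Recv-Q Send-Q Local-Address:Port Peer-Address:Port).
SAMPLE = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 100 127.0.0.1:25 0.0.0.0:*
LISTEN 0 100 [::1]:25 [::]:*
LISTEN 0 128 *:80 *:*
LISTEN 0 5 192.168.1.10:631 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
"""

def split_local(field):
    """Split 'addr:port' (IPv6 in brackets) into (addr, port)."""
    host, _, port = field.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop brackets and any %scope suffix
    return host, int(port)

def classify(host):
    """Return 'wildcard', 'loopback' or 'specific' for a bind address."""
    if host in ("*", "0.0.0.0", "::"):
        return "wildcard"
    return "loopback" if ipaddress.ip_address(host).is_loopback else "specific"

def audit(text, allowed_wildcard_ports=frozenset({22})):
    """List (addr, port, scope, flagged) for every listening TCP socket.

    flagged is True when a socket listens on all addresses and its port
    is not in the allow-list (hypothetical policy: only ssh may do so).
    """
    findings = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) < 4 or cols[0] != "LISTEN":
            continue
        host, port = split_local(cols[3])
        scope = classify(host)
        flagged = scope == "wildcard" and port not in allowed_wildcard_ports
        findings.append((host, port, scope, flagged))
    return findings

if __name__ == "__main__":
    for host, port, scope, flagged in audit(SAMPLE):
        note = "  <-- listens on all addresses" if flagged else ""
        print(f"{host:>15} {port:>5} {scope:<9}{note}")
```

With `inet_interfaces = localhost` in main.cf, port 25 shows up only under loopback addresses, as in the two constructed port 25 lines above.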


