On Sat, Dec 08, 2001 at 11:57:51PM +0100, Guido Hennecke wrote:
> At 08.12.2001, Phillip Hofmeister wrote:
> > grr...forgot to reply to list...
>
> It was not necessary because...
>
> > From: Phillip Hofmeister <firstname.lastname@example.org>
> > > OR....you could use IPCHAINS or IPTABLES to REJECT (or DENY) the interface
> > > on that port....
> > > > From: Guido Hennecke <email@example.com>
> [...]
> > > > But it is possible to use a packetfilter and configure it, that packets
> > > > for an interface must come in over the target interface.
>
> Your quoting sucks!
>

OK, now now - no fighting.

I do already have a packet filtering firewall (iptables) and everything is blocked from the internet side except ssh. I did mention this in my first post. I was just trying to go the extra mile in terms of security by making sure everything unnecessary was turned off and those that were necessary were only listening on the interfaces I need them to.

And thanks for all the replies. In fact I was most interested to hear that you could not make daemons listen on only one interface but you could make them bind to an IP address range. I guess that is what I achieved in my postfix main.cf file with the line:

    inet_interfaces = localhost

Cheers.
Mark.
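One way to confirm that only the intended daemons listen beyond loopback, as an added example that is not part of the original message: it parses listener lines in the column layout of `ss -H -tln` and reports sockets bound to a wildcard address. The sample lines, the function names and the choice of port 22 (ssh) as the only allowed wildcard listener are assumptions.

```python
import ipaddress

# Constructed sample in the column layout of `ss -H -tln` (not from the thread):
# State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
SAMPLE = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 100 127.0.0.1:25 0.0.0.0:*
LISTEN 0 100 [::1]:25 [::]:*
LISTEN 0 80 192.168.1.1:3306 0.0.0.0:*
LISTEN 0 128 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128 *:111 *:*
"""


def classify(local):
    """Split 'addr:port' and return (scope, port).

    scope is 'wildcard' (every address), 'loopback', or 'specific'.
    """
    host, _, port = local.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface scope
    if host in ("*", "0.0.0.0", "::"):
        return "wildcard", int(port)
    if ipaddress.ip_address(host).is_loopback:
        return "loopback", int(port)
    return "specific", int(port)


def audit(ss_output, allowed_wildcard_ports=frozenset({22})):
    """Return (port, local_address) for each unexpected wildcard listener."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # skip blank lines and anything that is not a listener
        scope, port = classify(fields[3])
        if scope == "wildcard" and port not in allowed_wildcard_ports:
            findings.append((port, fields[3]))
    return findings


if __name__ == "__main__":
    for port, local in audit(SAMPLE):
        print(f"port {port} listens on every address: {local}")
```

With `inet_interfaces = localhost` in effect, the port 25 listeners classify as loopback, as in the sample, and are not reported.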