Re: Fw: Can a daemon listen only on some interfaces?

To: debian-security@lists.debian.org
Subject: Re: Fw: Can a daemon listen only on some interfaces?
From: Henrique de Moraes Holschuh <hmh@debian.org>
Date: Sun, 9 Dec 2001 21:03:31 -0200
Message-id: <[🔎] 20011209210331.A24517@khazad-dum>
In-reply-to: <[🔎] E16D8vP-0007tq-00@debian.dyndns.org>; from g.hennecke@t-online.de on Dom, Dez 09, 2001 at 07:43:42 +0100
References: <[🔎] 001901c18024$8a7e5e40$0300000a@Oneil> <[🔎] E16CqPn-00087i-00@debian.dyndns.org> <[🔎] 20011209121208.A977@flea.home> <[🔎] E16D3mj-0005dr-00@debian.dyndns.org> <[🔎] 20011209141434.B22334@khazad-dum> <[🔎] E16D8vP-0007tq-00@debian.dyndns.org>

On Sun, 09 Dec 2001, Guido Hennecke wrote:
> At 09.12.2001, Henrique de Moraes Holschuh wrote:
> > On Sun, 09 Dec 2001, Guido Hennecke wrote:
> > >         127.0.0.1  Gateway <your official ip address>   Interface <his
> > >         externel interface>
> > > 
> > > he can reach your service bound to 127.0.0.1. And this without
> > > activating ip_forward on your computer!
> > Is this true even if the policy of the forward chain (for ipchains) is set
> > to deny ? (and the equivalent, for iptables) ?
> 
> Those packets did not go throught the forwards chain. For local
> interfaces no routing is needed.

If they came over the network, they should have. That is a broken behaviour
(breaks principle of less surprise, at the very least).

Well, ipmasq needs an update to trash anything incoming and outgoing from
!lo with a destination of 127.0.0.1/8 then.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

Reply to:

Follow-Ups:
- Re: Fw: Can a daemon listen only on some interfaces?
  - From: Guido Hennecke <g.hennecke@t-online.de>

References:
- Fw: Can a daemon listen only on some interfaces?
  - From: "Phillip Hofmeister" <plhofmei@svsu.edu>
- Re: Fw: Can a daemon listen only on some interfaces?
  - From: Guido Hennecke <g.hennecke@t-online.de>
- Re: Fw: Can a daemon listen only on some interfaces?
  - From: mdevin@ozemail.com.au
- Re: Fw: Can a daemon listen only on some interfaces?
  - From: Guido Hennecke <g.hennecke@t-online.de>
- Re: Fw: Can a daemon listen only on some interfaces?
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: Fw: Can a daemon listen only on some interfaces?
  - From: Guido Hennecke <g.hennecke@t-online.de>

Prev by Date: Re: Fw: Can a daemon listen only on some interfaces?
Next by Date: Re: Fw: Can a daemon listen only on some interfaces?
Previous by thread: Re: Fw: Can a daemon listen only on some interfaces?
Next by thread: Re: Fw: Can a daemon listen only on some interfaces?
Index(es):
- Date
- Thread