Inetd and a service listening only on localhost

cpghost cpghost at cordula.ws
Thu May 5 17:30:54 PDT 2005


Karol Kwiatkowski wrote:

>I've never used inetd and I'm not sure what will happen if a
>connection is made from outside to a service which is configured to
>listen only on localhost.
When you use inetd, the spawned process gets its data from stdin,
not from a socket. It is irrelevant that the spawned program listens
on localhost (in addition to stdin). It's the stdin path of that program
that you should watch when using inetd.

Of course, you could use TCP Wrappers in inetd. Or check out inetd's -a
flag to bind inetd only to localhost (but check with sockstat -l that inetd
REALLY honors this flag!). Setting -a for inetd is a global change though
that affects everything that you start through inetd!

But why not use a firewall like pf or ipfw to protect the service in
the first place? Just do this in addition to TCP Wrappers' hosts_access(5)
and inetd's "-a 127.0.0.1" setting. It's better to be safe than sorry :-)

>Is it possible to run a service listening only on localhost with inetd?
>How to configure inetd in such case (an entry in /etc/hosts.allow?)
>or should I disable such configuration?
If you want to set the -a flag to bind inetd to localhost only, override
inetd_flags in /etc/rc.conf (from the value it has in /etc/defaults/rc.conf),
then restart inetd.

>Regards,
>
>Karol

Good luck!

-cpghost.

-- 
Cordula's Web. http://www.cordula.ws/
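The verification step recommended above (checking with sockstat -l that inetd really honors -a 127.0.0.1 after the inetd_flags change), written out as an added example that is not part of the original message. The sockstat output it parses is constructed for illustration, and the function names are my own:

```shell
#!/bin/sh
# Added example, not from the original post: after setting
# inetd_flags="... -a 127.0.0.1" in /etc/rc.conf and restarting inetd,
# confirm from `sockstat -l` that every inetd listener is on loopback.
# Because -a is global for inetd, one leftover wildcard listener means
# the flag is not doing what you expect for ALL inetd services.

# Constructed sample of `sockstat -l4` output (not captured from a real host).
# Field layout: USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS.
# fingerd (port 79) is on loopback, but telnetd (port 23) still listens
# on the wildcard address; sshd is not inetd's business here.
SAMPLE_SOCKSTAT='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     inetd      612   5  tcp4   127.0.0.1:79          *:*
root     inetd      612   6  tcp4   *:23                  *:*
root     sshd       540   3  tcp4   *:22                  *:*'

# Read sockstat output on stdin; print the local address of every inetd
# listener that is NOT bound to 127.0.0.1. Exit status 0 means inetd only
# listens on loopback, 1 means at least one non-loopback listener exists.
# (-a 127.0.0.1 is an IPv4 address; extend the pattern with ::1 if you
# also expect IPv6 loopback listeners.)
inetd_nonlocal_listeners() {
    awk '$2 == "inetd" && $6 !~ /^127\.0\.0\.1:/ { print $6; bad = 1 }
         END { exit (bad ? 1 : 0) }'
}

# Wrapper for a live FreeBSD host: run sockstat and apply the same check.
check_live_inetd() {
    sockstat -l4 | inetd_nonlocal_listeners
}

# Demo on the constructed sample (on a real host call check_live_inetd).
if printf '%s\n' "$SAMPLE_SOCKSTAT" | inetd_nonlocal_listeners; then
    echo "inetd listens on 127.0.0.1 only"
else
    echo "inetd has listeners outside 127.0.0.1 (listed above):" \
         "fix inetd_flags in /etc/rc.conf and restart inetd" >&2
fi
```

Run it as root on the host after the restart; a pf or ipfw rule blocking the service's port on the external interface, plus a hosts.allow entry restricting it to 127.0.0.1, are the belt-and-braces layers the message suggests in addition to this check.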
