Date:      Mon, 16 Jul 2001 07:17:47 -0500
From:      "Jacques A. Vidrine" <n@nectar.com>
To:        Sheldon Hearn <sheldonh@starjuice.net>
Cc:        freebsd-audit@freebsd.org
Subject:   Re: syslogd: bind to localhost only
Message-ID:  <20010716071747.D10944@madman.nectar.com>
In-Reply-To: <4555.995275530@axl.seasidesoftware.co.za>; from sheldonh@starjuice.net on Mon, Jul 16, 2001 at 11:25:30AM +0200
References:  <20010713135448.A67153@madman.nectar.com> <4555.995275530@axl.seasidesoftware.co.za>

On Mon, Jul 16, 2001 at 11:25:30AM +0200, Sheldon Hearn wrote:
> 
> 
> On Fri, 13 Jul 2001 13:54:48 EST, "Jacques A. Vidrine" wrote:
> 
> > The following patch adds a "-L" option to syslogd to force binding to
> > localhost only. This is useful for running syslogd in a chroot'd
> > environment, where the log socket will not be available.
> 
> This seems like an awfully specific kludge.
> 
> First, what does this give me that -a and -l don't?

It causes syslogd to bind to INADDR_LOOPBACK rather than INADDR_ANY.
syslogd then never `sees' packets that are not destined for the
loopback interface. Using `-a', syslogd needs to process all packets
sent to the syslog port on that machine.

> Second, assuming I'm missing something above, why not implement the
> option such that the operator can choose to bind to _any_ address(es)
> using some kind of -i option?  Why _only_ localhost?

No, you are not missing anything. You are right, `-i
ip-address-or-hostname' would be better. I think the `-L' evolved
from wanting something kind of "between" `-s' and `-s -s'.

Cheers,
-- 
Jacques Vidrine / n@nectar.com / jvidrine@verio.net / nectar@FreeBSD.org
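
The bind-address choice discussed in this message, as an added example that is not part of the original e-mail or of syslogd's source: a UDP socket bound to a chosen address (the `-i ip-address-or-hostname' idea) versus the wildcard. `bind_udp` and `bound_addr` are hypothetical helpers, and port 0 stands in for the syslog port.

```c
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper (not syslogd code): open an IPv4 UDP socket bound to
 * `host` (numeric address or hostname). NULL means the wildcard, INADDR_ANY.
 * Port 0 lets the kernel pick a port; a real daemon would bind its own port.
 * Returns the socket descriptor, or -1 on failure. */
int bind_udp(const char *host)
{
    struct addrinfo hints, *res, *ai;
    int fd = -1;

    memset(&hints, 0, sizeof(hints));
    hints.ai_family = AF_INET;
    hints.ai_socktype = SOCK_DGRAM;
    hints.ai_flags = AI_PASSIVE;    /* only takes effect when host == NULL */
    if (getaddrinfo(host, "0", &hints, &res) != 0)
        return -1;
    for (ai = res; ai != NULL; ai = ai->ai_next) {
        fd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
        if (fd < 0)
            continue;
        if (bind(fd, ai->ai_addr, ai->ai_addrlen) == 0)
            break;                  /* bound: the kernel now filters by address */
        close(fd);
        fd = -1;
    }
    freeaddrinfo(res);
    return fd;
}

/* Local IPv4 address the socket is bound to, in host byte order, or
 * INADDR_NONE on error. A socket reporting INADDR_LOOPBACK is only handed
 * datagrams addressed to 127.0.0.1; one reporting INADDR_ANY is handed
 * datagrams addressed to any local address, so the daemon must filter. */
in_addr_t bound_addr(int fd)
{
    struct sockaddr_in sin;
    socklen_t len = sizeof(sin);

    if (getsockname(fd, (struct sockaddr *)&sin, &len) != 0)
        return INADDR_NONE;
    return ntohl(sin.sin_addr.s_addr);
}
```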
