Date: Fri, 30 Jun 2000 10:39:32 +0100 (BST)
From: Jan Grant
To: questions@freebsd.org
Subject: Ingress filtering to loopback address: is there any way to do this without a full firewall install?

For a random service running on a random machine:

On machine A (192.168.0.1):

hostA:/> netstat -an | grep 5998
tcp4       0      0  127.0.0.1.5998         *.*                    LISTEN

On machine B (192.168.0.2):*

hostB:/> ifconfig lo down
hostB:/> route add -host 127.0.0.1 gw 192.168.0.1
hostB:/> telnet 127.0.0.1 5998
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
RANDOMSERVICE welcomes you...

Is there a way to stop the delivery of non-localhost-originated packets to
services listening on a loopback address without building a firewall into
the kernel?

Cheers in advance,

jan

* This machine was "another free unix-a-like", hence the interface name, etc.

-- 
jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/
Tel +44(0)117 9287163 Fax +44 (0)117 9287112 RFC822 jan.grant@bris.ac.uk
If it's broken really badly - don't fix it either.
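The replies to this question are not on this page, so the following is an added example, not anything from the poster or the thread. It shows the one defence that needs neither kernel changes nor a packet filter and is available for any service you control: check the peer address of every accepted connection and serve only loopback peers. In the scenario above, the segments from host B arrive at host A's 127.0.0.1:5998 listener with source address 192.168.0.2, so accept() reports 192.168.0.2 as the peer and the check refuses it, even though the kernel happily delivered the packets. The function and class names (peer_is_loopback, handle_client, simulate, serve_one_loopback_client, _RecordingConn), the refusal message and the fake connection object are assumptions made for this example; the banner text is the one in the post.

```python
import ipaddress
import socket
import threading

# Banner text taken from the post; the refusal text is invented for this example.
BANNER = b"RANDOMSERVICE welcomes you...\r\n"
REFUSAL = b"connections are only accepted from the loopback address\r\n"


def peer_is_loopback(host):
    """Return True only if the peer address string is a loopback address.

    A connection that reached the 127.0.0.1 listener through the route trick
    in the post still carries the remote host's real address (192.168.0.2)
    as the peer, because that is the source address of its TCP segments.
    IPv4-mapped IPv6 peers (::ffff:127.0.0.1), which a dual-stack socket may
    report, are unwrapped before the test so they are judged as IPv4.
    """
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False          # not an IP literal at all: reject
    mapped = getattr(addr, "ipv4_mapped", None)   # only IPv6Address has this
    if mapped is not None:
        addr = mapped
    return addr.is_loopback   # 127.0.0.0/8 or ::1


def handle_client(conn, peer):
    """Apply the policy to one accepted connection.

    `conn` needs sendall()/close(); `peer` is the (host, port, ...) tuple
    returned by accept(). Returns True if the client was served.
    """
    if peer_is_loopback(peer[0]):
        conn.sendall(BANNER)
        conn.close()
        return True
    conn.sendall(REFUSAL)
    conn.close()
    return False


class _RecordingConn:
    """Stand-in for a socket (assumed for this example): records what the
    handler sends so the decision can be checked without a network."""

    def __init__(self):
        self.sent = b""
        self.closed = False

    def sendall(self, data):
        self.sent += data

    def close(self):
        self.closed = True


def simulate(peer_host):
    """Run handle_client() against a fake connection whose peer address is
    `peer_host` (constructed input) and return (accepted, bytes_sent)."""
    conn = _RecordingConn()
    accepted = handle_client(conn, (peer_host, 54321))
    return accepted, conn.sent


def serve_one_loopback_client():
    """Real-socket demo: bind to 127.0.0.1 on an ephemeral port, accept one
    connection from this host and return (peer_seen, accepted, client_got)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    outcome = {}

    def server():
        conn, peer = srv.accept()
        outcome["peer"] = peer[0]
        outcome["accepted"] = handle_client(conn, peer)

    t = threading.Thread(target=server)
    t.start()
    with socket.create_connection(("127.0.0.1", port), timeout=5) as c:
        received = b""
        while True:
            chunk = c.recv(1024)
            if not chunk:
                break
            received += chunk
    t.join(5)
    srv.close()
    return outcome["peer"], outcome["accepted"], received


if __name__ == "__main__":
    print(simulate("127.0.0.1"))      # local client: served
    print(simulate("192.168.0.2"))    # host B via the 127.0.0.1 route: refused
    print(serve_one_loopback_client())
```

Two caveats. First, this only helps for daemons whose source you can change or that already offer such a check; a third-party service bound to 127.0.0.1 still receives the packets, which is exactly what the question is about. Second, the check trusts the source address of an established TCP connection, which is reasonable here: a remote host that forges 127.0.0.1 as its source cannot complete the three-way handshake, because host A's SYN-ACK is addressed to 127.0.0.1 and is delivered to its own loopback stack rather than routed back out. For UDP services the same peer check applies to each datagram's source address, but without a handshake a forged loopback source is not caught.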