Date: Wed, 16 Apr 2003 18:12:05 +0200 (CEST)
From: Oliver Fromme <olli@secnetix.de>
To: freebsd-hackers@FreeBSD.ORG
Subject: Re: Multiple ip-numbers in jails (fixed INADDR_ANY behaviour).
Message-ID: <200304161612.h3GGC58Z075925@lurza.secnetix.de>
In-Reply-To: <Pine.GSO.4.44.0304161532120.14291-100000@mail.ilrt.bris.ac.uk>

Jan Grant <Jan.Grant@bristol.ac.uk> wrote:
 > You can't have multiple processes listen on the same address and port,
 > but you CAN have one listen on a specific IP and port and another listen
 > on INADDR_ANY and the same port. By extension, you'd expect a _more
 > specific_ binding of INADDR_ANY to override a more general one.

Oops, you are right.  Must have been my lack of caffeine.  :-)

It means that you have to be very careful with daemons that
run in the host environment.  If they bind to INADDR_ANY,
then any jailed process can override them (for the jail IPs).
That might be dangerous.  Would be nice to have a knob to
disable that behaviour.

Regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co KG, Oettingenstr. 2, 80538 München
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

"If you do things right, people won't be sure you've done anything at all."
        -- God in Futurama season 4 episode 8
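
An added example, not part of the original message or of FreeBSD: a host-side check for the situation described above, reporting every wildcard (INADDR_ANY) listener for which a bind to a specific address exists on the same protocol and port. It assumes input in the column layout of FreeBSD `sockstat -4 -l`; the function names and the sample rows are constructed for illustration, and the check does not tell whether the specific bind belongs to a jail.

```shell
#!/bin/sh
# Added example (not from the original message). Reads text in the column
# layout of FreeBSD `sockstat -4 -l` and reports every wildcard listener that
# a bind to a specific address on the same protocol and port overrides.

# Constructed sample rows; addresses are documentation-range placeholders.
sample_sockstat() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sendmail   412   4  tcp4   *:25                  *:*
root     sshd       530   3  tcp4   *:22                  *:*
root     named      601   20 udp4   *:53                  *:*
root     syslogd    388   6  udp4   127.0.0.1:514         *:*
root     sendmail   977   4  tcp4   192.0.2.10:25         *:*
www      httpd      1033  16 tcp4   192.0.2.10:80         *:*
bind     named      1101  20 udp4   192.0.2.11:53         *:*
EOF
}

shadowed_wildcards() {
    awk '
    $1 == "USER" { next }                     # header row
    NF >= 6 {
        if (split($6, part, ":") != 2) next   # LOCAL ADDRESS is addr:port
        key = $5 SUBSEP part[2]               # protocol and port
        if (part[1] == "*") {
            wild[key] = $2 " pid " $3         # listener bound to INADDR_ANY
        } else {
            n++                               # specific bind, kept in input order
            skey[n] = key; sproto[n] = $5; sport[n] = part[2]
            saddr[n] = $6; sdesc[n] = $2 " pid " $3
        }
    }
    END {
        for (i = 1; i <= n; i++)
            if (skey[i] in wild)
                printf "%s *:%s (%s) is overridden on %s (%s)\n",
                    sproto[i], sport[i], wild[skey[i]], saddr[i], sdesc[i]
    }'
}

# Stand-alone run on the sample; on a host, pipe real sockstat output instead.
sample_sockstat | shadowed_wildcards
```
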