Date: Thu, 24 Dec 1998 12:28:30 -0800
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.Org>
To: Matthew Dillon <dillon@apollo.backplane.com>
Cc: "Joseph T. Lee" <nugundam@la.best.com>, freebsd-security@FreeBSD.ORG
Subject: Re: Do I really need inetd?
Message-ID: <3.0.5.32.19981224122830.00967800@localhost>
In-Reply-To: <199812241718.JAA27944@apollo.backplane.com>

If you have IP aliases/addresses, I recommend you use the -a option such
that inetd only listens on the addresses you expect the services to be
obtained under.

    inetd -a 127.0.0.1 /etc/inetd-local.conf
    inetd -a 10.128.0.1 /etc/inetd-internal.conf
    inetd -a 192.9.200.254 /etc/inetd-external.conf

For example, we have a number of services which must be accessed from
localhost (like: pop3) while other services are accessible from a specific
external address (we have quite a few IP aliases). We have another set of
services we only allow connections from within our firewall to make and
others which are allowed only a specific external IP address.

This approach doesn't add bars to the windows of your system. It just
reduces the number of windows you have to watch. Of course, it only takes
one window (a good cracker can get through any window) ... you still need
'bars'... like tcpd and ipfw (even on inetd bound to localhost).

Kurt
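
A check for the per-address inetd layout described in this message, added here as an example and not part of the original e-mail: it reads listener lines in the column layout of FreeBSD `sockstat -4l` and reports any inetd socket still bound to the wildcard address. The function names are hypothetical and the sample lines are constructed, not taken from a real host.

```sh
#!/bin/sh
# Added example: audit which local addresses inetd listeners are bound to.
# Expected columns (FreeBSD `sockstat -4l` layout):
#   USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS

# Constructed sample data; on a real host pipe `sockstat -4l` in instead.
sample_sockstat() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     inetd      201   4  tcp4   127.0.0.1:110         *:*
root     inetd      202   4  tcp4   10.128.0.1:23         *:*
root     inetd      202   5  tcp4   10.128.0.1:21         *:*
root     inetd      203   4  tcp4   192.9.200.254:25      *:*
root     inetd      204   4  tcp4   *:79                  *:*
root     sshd       150   3  tcp4   *:22                  *:*
EOF
}

# Print "pid port" for every inetd socket bound to the wildcard address,
# i.e. an instance that is not restricted to one address with -a.
inetd_wildcard_listeners() {
    awk '$2 == "inetd" && $6 ~ /^\*:/ { split($6, a, ":"); print $3, a[2] }'
}

# Print "address port,port,..." so each address's exposure can be compared
# with the inetd-*.conf file that is supposed to serve it.
inetd_ports_by_address() {
    awk '$2 == "inetd" {
        n = split($6, a, ":"); port = a[n]
        addr = substr($6, 1, length($6) - length(port) - 1)
        if (addr in ports) ports[addr] = ports[addr] "," port
        else { ports[addr] = port; order[++k] = addr }
    }
    END { for (i = 1; i <= k; i++) print order[i], ports[order[i]] }'
}

echo "inetd sockets on the wildcard address (pid port):"
sample_sockstat | inetd_wildcard_listeners
echo "inetd ports per bound address:"
sample_sockstat | inetd_ports_by_address
```

Listeners from other daemons (the sshd line in the sample) are ignored on purpose; the check only covers sockets owned by inetd.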