From: Didier Wiroth
To: freebsd-pf@freebsd.org
Date: Wed, 22 Dec 2004 02:55:07 +0100
Subject: pfS ftp-proxy binding to 127.0.0.1

Hi,

I'm still trying OpenBSD and FreeBSD. I'm setting up a PPPoE router, using pf and ftp-proxy.

On OpenBSD you can bind ftp-proxy to the localhost address; OpenBSD's ftp-proxy only listens on 127.0.0.1, like this:

    127.0.0.1:8021

On FreeBSD it listens on all IP addresses; here is the result of sockstat:

    root inetd 750 4 tcp4 *:8021 *:*

I do understand that I can explicitly add a pf rule to deny or allow access to the proxy, but to enforce security, is it possible to bind ftp-proxy so that it only listens on localhost?

thx
didier
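
Added example, not part of the original message: a shell check that reads sockstat-style output and reports any TCP listener on a given port that is not bound to a loopback address, as with the *:8021 inetd socket quoted in the message. The function name and every sample line other than that quoted one are constructed; on a live FreeBSD host the input would come from `sockstat -4l`.

```shell
#!/bin/sh
# Audit helper: which processes accept connections on PORT from
# non-loopback addresses? Input is sockstat-style text on stdin:
#   USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS

# Constructed sample. The inetd *:8021 line is the one quoted in the
# message; the header and the sshd line are made up for contrast.
SAMPLE_BEFORE='USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
root inetd 750 4 tcp4 *:8021 *:*
root sshd 512 3 tcp4 *:22 *:*'

# Constructed sample of the desired state: proxy bound to loopback only.
SAMPLE_AFTER='USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
root inetd 750 4 tcp4 127.0.0.1:8021 *:*
root sshd 512 3 tcp4 *:22 *:*'

# exposed_listeners PORT
# Prints "COMMAND PID LOCAL-ADDRESS" for each TCP socket on PORT whose
# local address is outside 127.0.0.0/8 (this includes the "*" wildcard).
exposed_listeners() {
    awk -v port="$1" '
        $5 !~ /^tcp/ { next }              # skip the header and non-TCP rows
        {
            n = split($6, part, ":")       # local address is ADDR:PORT
            if (part[n] != port) next      # different port, not our concern
            addr = substr($6, 1, length($6) - length(part[n]) - 1)
            if (addr !~ /^127\./) print $2, $3, $6
        }'
}

echo "before:"
printf '%s\n' "$SAMPLE_BEFORE" | exposed_listeners 8021
echo "after:"
printf '%s\n' "$SAMPLE_AFTER" | exposed_listeners 8021
```

An empty result for port 8021 means the proxy is reachable only through the local redirect, independent of whatever the pf ruleset currently allows.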