Date: Thu, 23 Dec 2004 12:31:41 +0100
From: Max Laier <max@love2party.net>
To: freebsd-pf@freebsd.org
Subject: Re: pfS ftp-proxy binding to 127.0.0.1
Message-ID: <200412231231.42864.max@love2party.net>
In-Reply-To: <8e3f9722ef1.41c8e20b@etat.lu>
References: <8e3f9722ef1.41c8e20b@etat.lu>

On Wednesday 22 December 2004 02:55, Didier Wiroth wrote:
> Hi,
> I'm still trying openbsd and freebsd.
>
> I'm setting a pppoe router, using pf and ftp-proxy.
> On openbsd you can bind ftp-proxy to the localhost address, openbsd's
> ftp-proxy only listens to 127.0.0.1 like this: 127.0.0.1:8021
>
> On freebsd it listens on all ip addresses, here is the result of sockstat:
> root inetd 750 4 tcp4 *:8021 *:*
>
> I do understand that I can explicitly add a pf rule to deny or allow
> access to the proxy but to enforce security is it possible to bind
> ftp-proxy so that it only listens to the localhost.

This is not so much a problem with ftp-proxy(8), but with the FreeBSD
inetd(8). You might want to try ports/security/xinetd instead. It will give
you a "replacement for inetd with better control and logging" as the port's
description tells.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
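
Added example, not part of the original message: a small sh/awk check that reads sockstat-style output and reports any listener on the proxy port that is bound to something other than 127.0.0.1, so the result of a rebinding change can be verified. The function name, the sample lines other than the inetd line quoted above, and the xinetd PID are constructed assumptions.

```sh
#!/bin/sh
# Added example (not from the original message).
# exposed_listeners PORT
#   Reads sockstat(1)-style lines on stdin:
#     USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS
#   Prints "command pid local-address" for every socket on PORT whose
#   local address is anything other than 127.0.0.1.
exposed_listeners() {
    awk -v port="$1" '
        $1 == "USER" { next }              # header line
        NF < 7       { next }              # malformed or truncated line
        {
            addr = $6
            n = split(addr, parts, ":")
            if (parts[n] != port) next     # some other port
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host == "127.0.0.1") next  # loopback only: the desired state
            print $2, $3, addr
        }'
}

# Constructed sample: the inetd line is the one quoted in the message.
sample_before() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     inetd      750   4  tcp4   *:8021                *:*
root     sshd       640   3  tcp4   *:22                  *:*
EOF
}

# Constructed sample: a hypothetical listener bound to loopback only.
sample_after() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     xinetd     812   5  tcp4   127.0.0.1:8021        *:*
root     sshd       640   3  tcp4   *:22                  *:*
EOF
}

# On a live FreeBSD host: sockstat -4l | exposed_listeners 8021
sample_before | exposed_listeners 8021
sample_after  | exposed_listeners 8021
```

Empty output for the port means nothing beyond loopback is listening on it; any printed line names the process that still needs to be rebound or covered by a pf rule.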
