From owner-freebsd-security  Mon Aug 17 04:41:36 1998
Message-ID: <35D816B6.DAD566EB@kew.com>
Date: Mon, 17 Aug 1998 07:40:38 -0400
From: Drew Derbyshire <software@kew.com>
Organization: Kendra Electronic Wonderworks, Stoneham, MA 02180 (http://www.kew.com)
To: Darren Reed <avalon@coombs.anu.edu.au>
CC: security@FreeBSD.ORG
Subject: Re: inetd enhancements (fwd)
References: <199808160440.VAA29668@hub.freebsd.org>

Darren Reed wrote:
> allowing different programs to bind to different IP addresses
> (on a multi-ip# box) is something inetd does not do and can't
> handle with packet filters and requires tcpd/fwtk type solution.

A single instance of the stock inetd could not handle selecting specific
servers for specific ports, but you can bind it to a specific address via
the -a flag, and so handle multiple server lists via multiple instances.
Aside from the extra process overhead, this actually strikes me as cleaner
since you can do things like kill the public interface inetd during maint and
the like.

(If you are running processes from inetd with the wait parameter, then your
overhead does go up, but in a firewall, I'm not sure you want many of those
running anyway.)

-ahd-
-- 
Drew Derbyshire         UUPC/extended e-mail:  software@kew.com
                                   Telephone:  617-279-9812

 "And he was too old to Rock'n'Roll 
  but he was too young to die.
  No, you're never too old to Rock'n'Roll 
  if you're too young to die."
                                                -- Ian Anderson
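
The per-address binding discussed in this message, sketched as an added example (not code from the thread or from inetd): two listeners on the same port, each bound to one loopback address with its own constructed service table, stand in for two inetd instances, and closing one leaves the other serving. The addresses, banners and function names are assumptions made for the illustration.

```python
import socket

# Constructed service tables, one per address, standing in for the separate
# config files of two inetd instances. Addresses and banners are assumptions;
# 127.0.0.2 works on Linux loopback as-is, BSD systems need an alias on lo0.
TABLES = {
    "127.0.0.1": b"internal: full service list\n",
    "127.0.0.2": b"public: restricted service list\n",
}

def start_instances(tables, port=0):
    """Bind one listener per address on the same port, never on 0.0.0.0."""
    listeners = {}
    for addr in tables:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        s.bind((addr, port))          # address-specific bind
        s.listen(5)
        s.settimeout(2)               # never hang in accept()
        port = s.getsockname()[1]     # later instances reuse the first port
        listeners[addr] = s
    return listeners, port

def fetch(listeners, tables, addr, port):
    """Connect to addr:port and return the banner, or None if refused."""
    try:
        client = socket.create_connection((addr, port), timeout=2)
    except OSError:
        return None
    with client:
        # Only the listener bound to this address has the connection queued.
        conn, _ = listeners[addr].accept()
        with conn:
            conn.sendall(tables[addr])
        return client.recv(1024)

def stop_instance(listeners, addr):
    """Take one address out of service; the other listener is untouched."""
    listeners.pop(addr).close()

if __name__ == "__main__":
    listeners, port = start_instances(TABLES)
    for addr in TABLES:
        print(addr, fetch(listeners, TABLES, addr, port))
    stop_instance(listeners, "127.0.0.2")   # maintenance on the public side
    for addr in TABLES:
        print(addr, fetch(listeners, TABLES, addr, port))
```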
