Date: Mon, 17 Aug 1998 07:40:38 -0400
From: Drew Derbyshire <software@kew.com>
To: Darren Reed <avalon@coombs.anu.edu.au>
Cc: security@FreeBSD.ORG
Subject: Re: inetd enhancements (fwd)
Message-ID: <35D816B6.DAD566EB@kew.com>
References: <199808160440.VAA29668@hub.freebsd.org>

Darren Reed wrote:
> allowing different programs to bind to different IP addresses
> (on a multi-ip# box) is something inetd does not do and can't
> handle with packet filters and requires tcpd/fwtk type solution.
A single instance of the stock inetd could not handle selecting specific
servers for specific ports, but you can bind it to a specific address via
the -a flag, and so handle multiple server lists via multiple instances.
Aside from the extra process overhead, this actually strikes me as cleaner
since you can do things like kill the public interface inetd during maint and
the like.
(If you are running processes from inetd with the wait parameter, then your
overhead does go up, but in a firewall, I'm not sure how many of those you
want running anyway.)
-ahd-
--
Drew Derbyshire UUPC/extended e-mail: software@kew.com
Telephone: 617-279-9812
"And he was too old to Rock'n'Roll
but he was too young to die.
No, you're never too old to Rock'n'Roll
if you're too young to die."
-- Ian Anderson
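
The per-address binding discussed in this message, as an added example that is not part of the original e-mail and is not inetd's code: two listeners share one port but bind different local addresses, each standing in for one `inetd -a address` instance with its own server list, and stopping one leaves the other serving. The addresses 127.0.0.1 and 127.0.0.2, the banners and the function names are assumptions for illustration; it assumes both loopback addresses are local (add an alias first on systems that configure only 127.0.0.1).

```python
import socket
import threading

def start_instance(address, port, banner):
    """One listener bound to one local address, like one `inetd -a address`."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((address, port))        # a specific address, not the wildcard
    srv.listen(5)
    srv.settimeout(0.1)              # lets the loop notice a stop request
    stopping = threading.Event()

    def serve():
        while not stopping.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            with conn:
                conn.sendall(banner)  # stands in for this instance's servers
        srv.close()                   # closed here so no accept is in flight

    worker = threading.Thread(target=serve, daemon=True)
    worker.start()

    def stop():
        stopping.set()
        worker.join()                 # returns only once the socket is closed

    return srv.getsockname()[1], stop

def probe(address, port):
    """Return the banner served at address:port, or None if nothing listens."""
    try:
        with socket.create_connection((address, port), timeout=2) as c:
            return c.recv(64)
    except OSError:
        return None

def demo():
    # Port 0 picks a free port; the second instance reuses the same number.
    port, stop_internal = start_instance("127.0.0.1", 0, b"internal services\n")
    _, stop_public = start_instance("127.0.0.2", port, b"public services\n")
    before = (probe("127.0.0.1", port), probe("127.0.0.2", port))
    stop_public()                     # maintenance: take down one instance only
    after = (probe("127.0.0.1", port), probe("127.0.0.2", port))
    stop_internal()
    return before, after

if __name__ == "__main__":
    print(demo())
```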
