Date: Mon, 17 Aug 1998 07:40:38 -0400
From: Drew Derbyshire <software@kew.com>
To: Darren Reed <avalon@coombs.anu.edu.au>
Cc: security@FreeBSD.ORG
Subject: Re: inetd enhancements (fwd)
Message-ID: <35D816B6.DAD566EB@kew.com>
References: <199808160440.VAA29668@hub.freebsd.org>

Darren Reed wrote:
> allowing different programs to bind to different IP addresses
> (on a multi-ip# box) is something inetd does not do and can't
> handle with packet filters and requires tcpd/fwtk type solution.

A single instance of the stock inetd could not handle selecting specific servers for specific ports, but you can bind it to a specific address via the -a flag, and so handle multiple server lists via multiple instances.

Aside from the extra process overhead, this actually strikes me as cleaner since you can do things like kill the public interface inetd during maint and the like. (If you are running processes from inetd with the wait parameter, then your overhead does go up, but in a firewall, I'm not sure how many of those you want running anyway.)

-ahd-
--
Drew Derbyshire
UUPC/extended e-mail: software@kew.com
Telephone: 617-279-9812

"And he was too old to Rock'n'Roll but he was too young to die. No, you're never too old to Rock'n'Roll if you're too young to die." -- Ian Anderson
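
The per-address arrangement discussed in the message above, as an added example that is not part of the original thread and is not inetd code: two Python listeners stand in for two inetd instances, each bound to one address on the same port with its own server list, and stopping the public one leaves the internal one serving. The addresses, the server lists and the helper names are constructed for the demo, and it assumes a loopback interface on which both 127.0.0.1 and 127.0.0.2 are local (the Linux default).

```python
import socket

INTERNAL, PUBLIC = "127.0.0.1", "127.0.0.2"   # constructed stand-in addresses
# Constructed per-instance server lists (one config file per inetd instance).
TABLES = {INTERNAL: "internal list: telnet ftp", PUBLIC: "public list: smtp"}

def listen_on(addr, port=0):
    """One 'instance': a listener bound to a single address, never 0.0.0.0."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((addr, port))
    s.listen(1)
    s.settimeout(2)
    return s

def probe(live, addr, port):
    """Connect to addr:port; return the banner served there, or None if refused."""
    c = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    c.settimeout(2)
    try:
        c.connect((addr, port))
    except OSError:              # nothing is listening on this address
        c.close()
        return None
    conn, _ = live[addr].accept()
    conn.sendall(TABLES[addr].encode())
    conn.close()
    banner = c.recv(64).decode()
    c.close()
    return banner

def demo():
    inside = listen_on(INTERNAL)
    port = inside.getsockname()[1]
    outside = listen_on(PUBLIC, port)     # same port, different address
    live = {INTERNAL: inside, PUBLIC: outside}
    before = {a: probe(live, a, port) for a in TABLES}
    live.pop(PUBLIC).close()              # maintenance: stop the public instance only
    after = {a: probe(live, a, port) for a in TABLES}
    inside.close()
    return before, after

if __name__ == "__main__":
    print(demo())
```
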