Date: Sat, 1 Jul 2000 12:37:20 +0100 (BST)
From: Jan Grant <Jan.Grant@bristol.ac.uk>
To: net@freebsd.org
Subject: Ingress filtering to loopback address: is there any way to do this without a full firewall install?
Message-ID: <Pine.GHP.4.21.0007011234270.21667-100000@mail.ilrt.bris.ac.uk>

Sorry about the repost; I sent this to questions with no response.

For a random service running on a random machine:

On machine A (192.168.0.1):

    hostA:/> netstat -an | grep 5998
    tcp4 0 0 127.0.0.1.5998 *.* LISTEN

On machine B: (192.168.0.2):*

    hostB:/> ifconfig lo down
    hostB:/> route add -host 127.0.0.1 gw 192.168.0.1
    hostB:/> telnet 127.0.0.1 5998
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    RANDOMSERVICE (hostA) welcomes you...

Is there a way to stop the delivery of non-localhost-originated packets to
services listening on a loopback address without building a firewall into
the kernel?

Cheers in advance,
jan

PS. I'd appreciate a CC: directly; I'm not (currently) subscribed to
fbsd-net. Thanks!

* This machine was "another free unix-a-like" hence the interface name, etc.

--
jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/
Tel +44(0)117 9287163 Fax +44 (0)117 9287112 RFC822 jan.grant@bris.ac.uk
If it's broken really badly - don't fix it either.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
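
Added example, not part of the original message and not FreeBSD code: the ingress check the question asks for, written as a stand-alone classifier. RFC 1122 states that 127/8 addresses must not appear outside a host, so a packet carrying one that arrives on a non-loopback interface can be dropped before it reaches a listener. The interface name "ed0", the helper names and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct

LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")

def parse_ipv4_addrs(packet: bytes):
    """Return (src, dst) from a raw IPv4 header, or raise ValueError."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5 or len(packet) < ihl * 4:
        raise ValueError("not a valid IPv4 header")
    src, dst = struct.unpack_from("!4s4s", packet, 12)
    return ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)

def ingress_verdict(iface: str, packet: bytes, loopback_ifaces=("lo", "lo0")):
    """Return (action, reason) for a packet received on `iface`."""
    try:
        src, dst = parse_ipv4_addrs(packet)
    except ValueError as exc:
        return "drop", f"malformed: {exc}"
    if iface in loopback_ifaces:
        return "accept", "arrived on loopback interface"
    # Off-host traffic must never carry a 127/8 address in either field.
    if dst in LOOPBACK_NET:
        return "drop", f"martian: dst {dst} on {iface}"
    if src in LOOPBACK_NET:
        return "drop", f"martian: src {src} on {iface}"
    return "accept", "ordinary traffic"

def build_header(src: str, dst: str) -> bytes:
    """Constructed 20-byte IPv4 header (protocol TCP, checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

# Constructed samples using the addresses from the message above;
# "ed0" is a hypothetical Ethernet interface name on machine A.
SAMPLES = [
    ("lo0", build_header("127.0.0.1", "127.0.0.1")),      # local client
    ("ed0", build_header("192.168.0.2", "127.0.0.1")),    # machine B via host route
    ("ed0", build_header("192.168.0.2", "192.168.0.1")),  # normal LAN traffic
]

if __name__ == "__main__":
    for iface, pkt in SAMPLES:
        print(iface, *ingress_verdict(iface, pkt))
```

Only the second sample is dropped: it is the connection from machine B shown in the message, which reaches the loopback-bound listener when no such check is applied.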