[Gllug] Security & closing ports on certain interfaces.

Paul Brazier pbrazier at cosmos-uk.co.uk
Thu Feb 14 13:12:18 UTC 2002


> I'm fairly sure you can make Postfix only listen on the internal
> interfaces. With the portmapper you're out of luck - all you can do is
> block the network address in hosts.deny/allow and have the extra
> insurance of a firewall.  As for X - you can make it not listen for tcp
> connections at all by running it with -nolisten tcp.  The place to do
> that is in your xserverrc or .xserverrc script.

Thanks for the responses - I'll try them out tonight.
I found this:

> It would be nice if all the server programs available on Linux systems
> had options specifying which interfaces they will listen to. In that
> case you could just tell all your servers never to listen to the ppp
> line, and you'd be all set. Hardly any security measures would be
> needed at all (tcpd, firewalls, etc.); you would only use them 'for
> good measure', as an extra precaution. Maybe this will happen at some
> time in the future, but at the moment only a few server programs have
> this (including the important cases of exim and samba).

at: http://www.linuxgazette.com/issue65/stumpel.html

Seems a bit worrying - you'd have thought that specifying which
interface a service should listen on would be a fairly common
requirement. I suppose historically networks had separate *machines* for
each service (and for the firewall) so this was less of an issue.

Paul.
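
An added example, not part of the original message: a small Python audit that reads a socket table in `/proc/net/tcp` format and separates listeners bound to the wildcard address (reachable on every interface, the situation discussed above) from those bound to one address. The sample table is constructed, and the address decoding assumes a little-endian host such as x86.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp format (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:006F 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0101A8C0:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 00000000:1770 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003
   3: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1004
   4: 0101A8C0:0016 0201A8C0:C350 01 00000000:00000000 00:00000000 00000000     0        0 1005
"""

TCP_LISTEN = 0x0A  # kernel state code for a listening socket


def decode_addr(field):
    """Decode 'HEXADDR:HEXPORT' into (dotted quad, port).

    Assumption: little-endian host, where the kernel prints the IPv4
    address as a byte-reversed 32-bit hex value.
    """
    addr_hex, port_hex = field.split(":")
    addr = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return addr, int(port_hex, 16)


def listeners(table):
    """Return (address, port) for every socket in LISTEN state."""
    found = []
    for line in table.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 4 or int(cols[3], 16) != TCP_LISTEN:
            continue  # established or other non-listening entries
        found.append(decode_addr(cols[1]))
    return found


def wildcard_listeners(table):
    """Ports listening on 0.0.0.0, i.e. on every interface including ppp."""
    return sorted(port for addr, port in listeners(table) if addr == "0.0.0.0")


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for addr, port in listeners(text):
        scope = "ALL interfaces" if addr == "0.0.0.0" else "this address only"
        print(f"{addr}:{port}  {scope}")
```

Run it with `/proc/net/tcp` as the argument to check a live host; in the sample, the portmapper (111) and X (6000) are on the wildcard address while the SMTP listener is bound to the internal address only.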

