On Jul 30, 6:37pm, <firewalls-owner@GreatCircle.COM> wrote:
> Well, I have looked a little at xinetd's code, but I think it's pretty
> secure. Basically, it probably does a getsockname() on incoming
> connections to find out what interface they are coming in on.
getsockname! Thanks so much for pointing out this wonderful routine.
I don't know why I never saw it before. I guess I learned firewall
programming from the TIS Firewall Toolkit and I never saw this routine
used to detect the incoming interface. I've always used getpeername
to find out where a request is coming from, and then filter based on
subnet (along with anti-spoofing filtering on the external router).
I could kick myself. Oh well, you learn something new every day.
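An added example, not code from this thread or from xinetd, of the distinction the reply describes: an accept-side check that decides which interface a connection arrived on with getsockname() and records the remote end with getpeername(), then exercises itself over loopback. The "inside" prefixes (10.0.0.0/8 and loopback) and all function names are assumptions made for the example.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <sys/socket.h>
#include <unistd.h>

/* Which side a connection arrived on, judged by the local interface address
 * the kernel reports via getsockname(); the peer address from getpeername()
 * is what the remote side chose, so it is kept only for logging. */
enum iface { IFACE_INTERNAL, IFACE_EXTERNAL };

/* Assumed inside prefixes for this example: 10.0.0.0/8 and loopback. */
enum iface classify_local_addr(uint32_t host_order_ip) {
    uint32_t first = host_order_ip >> 24;
    return (first == 10 || first == 127) ? IFACE_INTERNAL : IFACE_EXTERNAL;
}

/* Accept-side check for an internal-only service: 1 = allow, 0 = refuse.
 * Both endpoint addresses are filled in so the caller can log them. */
int allow_internal_only(int conn, struct sockaddr_in *local, struct sockaddr_in *peer) {
    socklen_t len = sizeof *local;
    if (getsockname(conn, (struct sockaddr *)local, &len) < 0) return 0;
    len = sizeof *peer;
    if (getpeername(conn, (struct sockaddr *)peer, &len) < 0) return 0;
    return classify_local_addr(ntohl(local->sin_addr.s_addr)) == IFACE_INTERNAL;
}

/* Demo: listen on 127.0.0.1, connect to it, accept, run the check. 1 = internal. */
int loopback_demo(void) {
    int ls = socket(AF_INET, SOCK_STREAM, 0), cs = -1, as = -1, ok = 0;
    struct sockaddr_in addr = {0}, local, peer;
    socklen_t alen = sizeof addr;
    if (ls < 0) return 0;
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    addr.sin_port = 0;                      /* let the kernel pick a port */
    if (bind(ls, (struct sockaddr *)&addr, sizeof addr) || listen(ls, 1) ||
        getsockname(ls, (struct sockaddr *)&addr, &alen)) goto out;
    cs = socket(AF_INET, SOCK_STREAM, 0);
    if (cs < 0 || connect(cs, (struct sockaddr *)&addr, sizeof addr)) goto out;
    as = accept(ls, NULL, NULL);
    if (as < 0) goto out;
    ok = allow_internal_only(as, &local, &peer) &&
         local.sin_port == addr.sin_port &&                 /* our listener */
         peer.sin_addr.s_addr == htonl(INADDR_LOOPBACK);   /* the client side */
out:
    if (as >= 0) close(as);
    if (cs >= 0) close(cs);
    close(ls);
    return ok;
}
```

The interface test complements, rather than replaces, the subnet filter on the peer address and the anti-spoofing rules on the router that the reply mentions.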