Great Circle Associates Firewalls
(August 1996)
 


Subject: Re: How secure is xinetd's binding to specific interfaces
From: Don Lewis <Don . Lewis @ tsc . tdk . com>
Date: Thu, 1 Aug 1996 15:12:55 -0700
To: lists @ lina . inka . de (Bernd Eckenfels)
Cc: firewalls @ GreatCircle . COM, Don . Lewis @ tsc . tdk . com
In-reply-to: lists @ lina . inka . de (Bernd Eckenfels)

On Aug 1,  7:03pm, Bernd Eckenfels wrote:
} Subject: Re: How secure is xinetd's binding to specific interfaces
} Generally I think it is
} not a good idea to accept packets only if they are addressed to the right
} interface. I think it is much better to insert a firewalling rule if you
} don't want to receive packets on the wrong interface.

I agree with this if IP forwarding is enabled.  If it is not, then it
seems counterintuitive that the kernel is "forwarding" the packet from
the interface on one net to the interface on another, then accepting it.
That's not how it's implemented, but that's what it looks like from the
outside.

If IP forwarding is off, you could even dispense with the loop, which
would improve performance if you had a lot of interfaces.

			---  Truck
