Why admin's do not trust daemons to do their own packet filtering (was Re: Resuming the great cleanup)
kurt at roeckx.be
Tue May 29 19:35:46 UTC 2018
On Tue, May 29, 2018 at 03:15:15PM -0400, Eric S. Raymond via devel wrote:
> +interface+ [+listen+ | +ignore+ | +drop+] [+all+ | +ipv4+ | +ipv6+ | +wildcard+ | 'name' | 'address'[/'prefixlen']]::
> This command controls which network addresses +ntpd+ opens, and
> whether input is dropped without processing.
Do we only have 1/2 socket by default, or do we still have a listen
socket per interface / IP address?
If there is still a socket per interface / IP address, at least
some of this will be useful to some people. There are actually
people that have more interfaces than you can have open files.