[lug] Firewall / Lockdown questions

Nate Duehr nate at natetech.com
Wed Aug 1 00:46:45 MDT 2007


On Jul 31, 2007, at 8:21 PM, Brad Crotchett wrote:

> On Tue, 2007-07-31 at 18:52 -0600, dio2002 at indra.com wrote:
>
>> Is there a way to confirm using netstat on localhost that smtp / 25 is
>> ONLY ACCEPTING on 127.0.0.1 versus accepting on 0.0.0.0?  I'm thinking
>> there is a way to confirm this functionality on the box without having to
>> issue a command over the network from a separate box.  Just not sure how?
>
> 'netstat -an' should show you what local address a service is listening
> on.

Yes, but listening daemons can listen for incoming connections from anything
and then reject connections from specific addresses.  What he was asking was
whether you could see at the OS level what the application layer will reject.

The answer is, of course, no.  When security restrictions are handled  
at the application, all the OS knows is that the daemon is listening  
for connections on a port number.  The OS doesn't know that the  
daemon will disconnect anyone coming in from a blacklisted address.

--
Nate Duehr
nate at natetech.com
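An added example to go with the exchange above (this is not code from the list thread or from any poster). Part one answers the original question by parsing `netstat -ant`-style output: the sample below is constructed, and the Linux column layout is assumed. Part two makes Nate's point concrete: a daemon bound to 0.0.0.0 that hangs up on non-loopback peers at the application layer looks, to the kernel and so to netstat, exactly like any other wildcard listener. All function names (`listeners`, `is_loopback_only`, `kernel_view`, `peer_allowed`, `filtered_daemon`) are hypothetical.

```python
"""What netstat can and cannot tell you about a listening daemon.

Part 1: parse `netstat -ant`-style output and classify a port as
loopback-only, wildcard/routable, or not listening.
Part 2: show that an application-layer reject rule is invisible at the
socket layer, which is all netstat reports.
"""
import ipaddress
import socket
import threading

# Constructed sample of `netstat -ant` output on Linux; not captured from a real host.
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp        0      0 192.168.1.10:22         192.168.1.20:51234      ESTABLISHED
"""

# Addresses that mean "every interface" in netstat output.
WILDCARDS = {"0.0.0.0", "::", "*"}


def listeners(netstat_text):
    """Map each listening TCP port to the list of local addresses it is bound on."""
    result = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] not in ("tcp", "tcp6") or fields[-1] != "LISTEN":
            continue
        # rpartition keeps IPv6 forms such as ':::80' and '::1:25' intact.
        host, _, port = fields[3].rpartition(":")
        result.setdefault(int(port), []).append(host)
    return result


def is_loopback_only(netstat_text, port):
    """True if every listener on `port` is bound to a loopback address,
    False if any is bound to a wildcard or routable address,
    None if nothing is listening on that port at all."""
    hosts = listeners(netstat_text).get(port)
    if not hosts:
        return None
    return all(h not in WILDCARDS and ipaddress.ip_address(h).is_loopback for h in hosts)


def kernel_view(bind_host):
    """Bind a TCP socket to `bind_host` on an ephemeral port and return the
    local address the kernel records for it; this is what netstat prints."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((bind_host, 0))
        s.listen(1)
        return s.getsockname()[0]


def peer_allowed(peer_ip, allow=("127.0.0.1",)):
    """Application-layer reject rule: the OS has no knowledge of this check."""
    return peer_ip in allow


def filtered_daemon(allow=("127.0.0.1",)):
    """Listen on the wildcard address but close connections from peers not in
    `allow` without sending a banner. Then connect once from loopback and
    return (bound_host, port, banner_received). The kernel-level bound_host is
    '0.0.0.0' regardless of what `allow` contains."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("0.0.0.0", 0))
    srv.listen(1)
    bound_host, port = srv.getsockname()

    def handle():
        conn, (peer_ip, _) = srv.accept()
        with conn:
            if peer_allowed(peer_ip, allow):
                conn.sendall(b"220 ready\r\n")
            # otherwise: close with no banner, i.e. reject at the application layer
        srv.close()

    threading.Thread(target=handle, daemon=True).start()
    with socket.create_connection(("127.0.0.1", port), timeout=5) as c:
        banner = c.recv(64)
    return bound_host, port, banner


if __name__ == "__main__":
    print("port 25 loopback-only:", is_loopback_only(SAMPLE_NETSTAT, 25))
    print("port 22 loopback-only:", is_loopback_only(SAMPLE_NETSTAT, 22))
    print("kernel view of 127.0.0.1 bind:", kernel_view("127.0.0.1"))
    print("kernel view of 0.0.0.0 bind:  ", kernel_view("0.0.0.0"))
    print("filtering daemon, loopback allowed:", filtered_daemon())
    print("filtering daemon, nobody allowed:  ", filtered_daemon(allow=()))
```

Both `filtered_daemon()` calls report a bound address of 0.0.0.0; only the banner differs, and that difference is produced after `accept()` has already succeeded, so it never shows up in netstat. On a current Linux box `ss -ltn` gives the same Local Address column as `netstat -ant` and the parser above reads it the same way; either tool tells you where the daemon is bound, and neither can tell you whom it will turn away.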
