Oleg Broytmann wrote:
> 
>    There is no way. Either disable TCP/IP or use HBA. When using TCP/IP + HBA,
> Postgres will listen on its TCP/IP port, and telnetting is always possible.
> HBA helps to restrict access to databases, but not to the TCP/IP port.
> 
>    You can try to configure a firewall on your host - completely disable
> the postgres port for input and output.
>    Or ask PHP authors to fix the bug in PHP3 and run without TCP/IP.

There are a number of clients that require TCP/IP sockets -- pgaccess,
php, aolserver, just to name three.

The solution is a firewall -- if running Linux 2.2, use ipchains.  If
running Linux 2.0, use ipfwadm.  Or, block access to this port using
your border router's packet-filter syntax.

On a Cisco, you can:

    access-list 101 deny tcp any any eq 6542 log

to deny access to tcp port 6542 and log the attempt.  Of course, you
then need to apply the acl 101 to the appropriate incoming interface,
and you will need an explicit permit tcp any any below that to allow the
rest of your traffic through...

Lamar Owen
WGCR Internet Radio
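
The first-match behaviour the message relies on (the deny entry, then an explicit permit below it), modelled as an added example that is not part of the original message. The parser covers only the "any any" entry form quoted above; the function names, the sample ACLs and the sample packets are constructed here, and an unmatched packet falls to the implicit deny that ends every Cisco ACL.

```python
# Added example: minimal model of first-match evaluation for a Cisco-style
# extended ACL. Only "access-list N permit|deny PROTO any any [eq PORT] [log]"
# is supported; addresses and interfaces are out of scope.

IMPLICIT_DENY = "deny (implicit)"

def parse_acl(lines):
    """Turn ACL entry lines into an ordered list of rule dicts."""
    rules = []
    for line in lines:
        tok = line.split()
        if (len(tok) < 6 or tok[0] != "access-list"
                or tok[2] not in ("permit", "deny")
                or tok[4:6] != ["any", "any"]):
            raise ValueError("unsupported entry: " + line)
        rest, port = tok[6:], None
        if rest[:1] == ["eq"]:
            port, rest = int(rest[1]), rest[2:]
        rules.append({"action": tok[2], "proto": tok[3],
                      "port": port, "log": rest == ["log"]})
    return rules

def evaluate(rules, proto, dport):
    """Return (action, logged) for a packet; the first matching entry wins."""
    for r in rules:
        if r["proto"] not in (proto, "ip"):
            continue
        if r["port"] is not None and r["port"] != dport:
            continue
        return r["action"], r["log"]
    # Nothing matched: the ACL's implicit trailing deny drops the packet.
    return IMPLICIT_DENY, False

# Constructed sample ACLs built from the entry quoted in the message.
ACL_AS_DESCRIBED = parse_acl([
    "access-list 101 deny tcp any any eq 6542 log",
    "access-list 101 permit tcp any any",
])
ACL_WITHOUT_PERMIT = parse_acl([
    "access-list 101 deny tcp any any eq 6542 log",
])
ACL_PERMIT_FIRST = parse_acl([
    "access-list 101 permit tcp any any",
    "access-list 101 deny tcp any any eq 6542 log",
])

if __name__ == "__main__":
    for name, acl in [("as described", ACL_AS_DESCRIBED),
                      ("without permit", ACL_WITHOUT_PERMIT),
                      ("permit first", ACL_PERMIT_FIRST)]:
        for pkt in [("tcp", 6542), ("tcp", 80), ("udp", 53)]:
            print(name, pkt, evaluate(acl, *pkt))
```

With only "permit tcp any any" after the deny, non-TCP traffic such as the UDP sample still hits the implicit deny, and placing the permit above the deny leaves port 6542 open.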
