Darren Reed writes:
> What about adding "bind_interface" (at both the global inetd
> level and on a per service basis) ?

Yikes. I don't see how such a request is even possible.

First, we'd have to create some sort of Linux-like "bind to interface" misfeature on Solaris, as the kernel currently doesn't do what I think you're asking. To do that, we'd have to have some clear semantics. How does it interact with exclusive binding? What happens as interfaces are configured and removed? Or do we just dispense with actual binding and instead do IP_RECVIF inside inetd, and drop connections that don't match?

There may be some very narrow cases in which "bind to interface" makes some sense (implementing DHCP/BOOTP without resorting to DLPI would likely be one), but I don't think any of them match up with regular inetd services.

Instead, if what's wanted here (as I suspect) is some sort of linkage between the services configured on the system, and the packet filters established on the system interfaces, then that's probably what should be addressed. Windows seems to do a fairly decent job at this, but we don't.

-- 
James Carlson, KISS Network <james.d.carlson at sun.com>
Sun Microsystems / 1 Network Drive 71.232W Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677