LPD listen directive?
Arthur Chance
freebsd at qeng-ho.org
Wed Jan 31 11:07:29 UTC 2018
On 30/01/2018 21:48, James B. Byrne via freebsd-questions wrote:
> Can lpd be configured such that it listens only on specific IP
> addresses? If so where and how is it done? We are running lpd and
> cups on the same host. Cups is configured to only listen on the
> loopback address. But lpd is listening on all available addresses.
>
> netstat -a | grep LISTEN
> tcp4 0 0 localhost.domain *.* LISTEN
> tcp6 0 0 localhost.domain *.* LISTEN
> tcp4 0 0 localhost.ssh *.* LISTEN
> tcp4 0 0 192.168.216.44.ssh *.* LISTEN
> tcp4 0 0 vhost04.ssh *.* LISTEN
> tcp4 0 0 vhost04.2222 *.* LISTEN
> tcp4 0 0 localhost.ftp-proxy *.* LISTEN
> tcp4 0 0 localhost.ipp *.* LISTEN
> tcp6 0 0 localhost.ipp *.* LISTEN
> tcp4 0 0 vhost04.smtp *.* LISTEN
> tcp4 0 0 localhost.smtp *.* LISTEN
> tcp4 0 0 *.printer *.* LISTEN
> tcp6 0 0 *.printer *.* LISTEN
>
Quick hint: sockstat -l is (IMO) a better way to show what listening
sockets are open.
I haven't actually tried this, so can't guarantee it's totally correct,
but in theory you can use jail(8) to lock any program down to one
address. I believe a command like

    jail path=/ ip4.addr=1.2.3.4 ip6=disable cmd ...

would run cmd with only the IPv4 address 1.2.3.4 usable and IPv6 locked
out totally. The path=/ bit sets the root of the jail to see the full
file system as normal.
Using this with an /etc/rc.d/* service file would probably require
tweaking the shutdown command to kill the relevant jail.
--
An amusing coincidence: log2(58) = 5.858 (to 0.0003% accuracy).
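
Added example, not part of the original message: a small shell/awk filter that classifies LISTEN sockets by bind scope and reports the services bound to the wildcard address, as *.printer is in the output quoted above. The function names are hypothetical, the sample lines are copied from the quoted netstat output, and the input is assumed to be in that same layout (local address in column 4, written as host.port).

```shell
#!/bin/sh
# Classify LISTEN sockets from FreeBSD `netstat -a` style output by bind scope.
# Assumed columns: proto recv-q send-q local-address foreign-address state

classify_listeners() {
    awk '
    $NF == "LISTEN" {
        proto = $1; laddr = $4
        # netstat joins host and port with a dot; the port is the last component,
        # so an IPv4 address such as 192.168.216.44.ssh must be split from the right.
        n = split(laddr, parts, ".")
        port = parts[n]
        host = substr(laddr, 1, length(laddr) - length(port) - 1)
        if (host == "*")
            scope = "wildcard"      # reachable on every configured address
        else if (host == "localhost" || host ~ /^127\./ || host == "::1")
            scope = "loopback"      # reachable from the local host only
        else
            scope = "specific"      # bound to one named address
        printf "%s %s %s %s\n", scope, proto, host, port
    }'
}

# Print "proto port" for every listener bound to the wildcard address.
wildcard_listeners() {
    classify_listeners | awk '$1 == "wildcard" { print $2, $4 }'
}

# Sample input: a subset of the lines quoted in the message above.
sample_netstat() {
cat <<'EOF'
tcp4 0 0 localhost.domain *.* LISTEN
tcp4 0 0 192.168.216.44.ssh *.* LISTEN
tcp4 0 0 vhost04.2222 *.* LISTEN
tcp4 0 0 localhost.ipp *.* LISTEN
tcp6 0 0 localhost.ipp *.* LISTEN
tcp4 0 0 *.printer *.* LISTEN
tcp6 0 0 *.printer *.* LISTEN
EOF
}

# Stand-alone run: list the wildcard listeners in the sample.
sample_netstat | wildcard_listeners
```

On a live host the same filter can be fed with `netstat -a | wildcard_listeners`; rerunning it after a configuration change shows whether the printer port is still bound to every address.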