| From: | "Dominic J(dot) Eidson" <sauron(at)the-infinite(dot)org> |
|---|---|
| To: | "John C(dot) Quillan" <john_quillan(at)datasoft(dot)com> |
| Cc: | pgsql-patches(at)postgresql(dot)org |
| Subject: | Re: Patch to make postmaster bind to only to localhost. |
| Date: | 2000-09-10 19:27:16 |
| Message-ID: | Pine.LNX.4.10.10009101419390.22971-100000@morannon.the-infinite.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-patches |
On Sun, 10 Sep 2000, John C. Quillan wrote:
> The company I work, DataSoft, for is doing a web based project
> that uses Java and the JDBC driver for postgres. Aperently the
> developers have told me that the JDBC requires the -i option on
> postmaster. The only problem is this leves a visibility to the
> outside world that we are using postmaster, or some other service.
> Now we do have the pg_hba.conf configured to allow connections
> from only that box it self, but you can never be two parinoid.
The following might also do the trick, btw...
/sbin/ipchains -A input -j REJECT -p tcp -d put.your.ip.here 5432 -i eth0 -l
.. add lines for all other interfaces you want to block ...
This causes any TCP connections to port 5432 on that IP address/interface
to be rejected with a connection refused.
I've used this for years on my box, and only ever gotten 2 attempted
connects.
Don't take me wrong - I would like to see some kind of abillity to
selectively bind to certain IP's - configfile a'la httpd.conf.
--
Dominic J. Eidson
"Baruk Khazad! Khazad ai-menu!" - Gimli
-------------------------------------------------------------------------------
http://www.the-infinite.org/ http://www.the-infinite.org/~dominic/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Mark Hollomon | 2000-09-11 14:09:31 | ALTER TABLE OWNER |
| Previous Message | John C. Quillan | 2000-09-10 18:27:40 | Patch to make postmaster bind to only to localhost. |