LinuxQuestions.org
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Old 04-16-2007, 09:29 PM   #1
powah
Member
 
Registered: Mar 2005
Distribution: FC, Gentoo
Posts: 276
restrict a tcp port to only a specific program


How to restrict a tcp port to only a specific program (i.e. other programs are not allowed access)?
e.g. restrict the tcp port 1600 access to only the myproc program.
Do I use xinetd?
If yes, what is the configuration file setting?

Last edited by powah; 04-16-2007 at 09:32 PM.
Old 04-16-2007, 09:36 PM   #2
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
Blog Entries: 15
You can't truly restrict it. However by adding an entry to /etc/services for it you can ensure it isn't opened by programs that need a random port. Often your issue is simply that something requested a random port and got the one you want.

However if you have two separate programs that are configured to specifically ask for port 1600 then the first one that gets it gets it. The only way to change that is to change the configuration of one of the two programs so that it doesn't request port 1600.
 
Old 04-16-2007, 10:51 PM   #3
ntubski
Senior Member
 
Registered: Nov 2005
Distribution: Debian, Arch
Posts: 3,794
Couldn't you use /etc/hosts.allow? like this:
Code:
# aclexec hands the command to /bin/sh, so use the POSIX "=" test, not "=="
ALL : ALL : aclexec [ '%R' != 1600 ] || [ '%d' = myproc ]
I think this should only allow programs to listen on ports other than 1600 unless their name is myproc. Doesn't work for clients though...

man pages: hosts_options(5) and hosts_access(5)
 
Old 04-17-2007, 08:03 AM   #4
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
Blog Entries: 15
I don't know if that would work (not saying it won't - haven't tried it). It doesn't really "reserve" the port though - it just keeps your other programs that try to use it from running.

My point is if you have a program that is configured to explicitly open port 1600 rather than one that is getting it randomly, blocking the port isn't really the solution. Sure you might get another program that explicitly opens 1600 working but the first program won't work at all because it requires 1600.

It is much better to try doing the /etc/services setup to prevent random use of port 1600. If you still have something using port 1600 after that you should be able to figure it out with lsof as noted earlier and then you should change one of the competing programs to use a different explicit port (or if you don't need the other to run you should modify your setup so it doesn't try to start rather than blocking it from starting properly). Why waste CPU cycles on something that shouldn't run?
 
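Posts #2 and #4 turn on the difference between a port the kernel hands out automatically and one a program binds explicitly. The script below is an added example, not code posted by anyone in this thread. It does the two things a practitioner wants at that point: it finds which process is listening on the port by parsing `lsof -nP -iTCP:1600 -sTCP:LISTEN` output (the lsof lines, the names `myproc`, `java`, `svc`, `bob` and the PIDs are constructed sample data), and it reserves the port with the `net.ipv4.ip_local_reserved_ports` sysctl (Linux 2.6.35 and later), which is the kernel knob that keeps automatic port assignment away from 1600; the kernel chooses ephemeral ports from `net.ipv4.ip_local_port_range` minus that reserved list and does not read /etc/services, which only feeds name lookups such as getservbyname(3). It assumes lsof(8) and sysctl(8) are installed.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumes lsof(8) and sysctl(8);
# "myproc", "java", the users and the PIDs below are constructed sample data.

# Constructed sample of `lsof -nP -iTCP:1600 -sTCP:LISTEN` output.
# -n/-P keep addresses and ports numeric; without -P, lsof would print a
# name from /etc/services in place of 1600 if one existed.
SAMPLE_LSOF='COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
myproc  4242  svc    3u  IPv4  31337      0t0  TCP *:1600 (LISTEN)
java    5151  bob   12u  IPv6  31400      0t0  TCP [::1]:1600 (LISTEN)'

# listeners_on_port PORT LSOF_OUTPUT
# Prints "COMMAND PID" for every LISTEN socket on PORT, one per line.
listeners_on_port() {
    printf '%s\n' "$2" | awk -v want=":$1" '
        /\(LISTEN\)$/ {
            n = split($9, a, ":")       # NAME column: *:1600 or [::1]:1600
            if (":" a[n] == want) print $1, $2
        }'
}

# port_is_reserved PORT SPEC
# SPEC is a net.ipv4.ip_local_reserved_ports value such as "1600,8000-8010".
# Exit 0 if PORT lies in one of the listed ports or ranges, 1 otherwise.
port_is_reserved() {
    [ -n "$2" ] || return 1
    printf '%s\n' "$2" | tr ',' '\n' | awk -v p="$1" '
        BEGIN { hit = 0 }
        NF {
            n = split($0, r, "-")
            lo = r[1] + 0
            hi = (n == 2 ? r[2] : r[1]) + 0
            if (p + 0 >= lo && p + 0 <= hi) hit = 1
        }
        END { exit (hit ? 0 : 1) }'
}

# add_reserved_port PORT SPEC
# Prints SPEC with PORT appended; prints SPEC unchanged if PORT is covered.
add_reserved_port() {
    if port_is_reserved "$1" "$2"; then
        printf '%s\n' "$2"
    elif [ -z "$2" ]; then
        printf '%s\n' "$1"
    else
        printf '%s,%s\n' "$2" "$1"
    fi
}

# reserve_port PORT   (needs root; Linux 2.6.35 or later)
# Reads the live value first so ranges someone else reserved are kept.
# Put the same key in /etc/sysctl.d/ to make it survive a reboot.
reserve_port() {
    cur=$(sysctl -n net.ipv4.ip_local_reserved_ports)
    sysctl -w "net.ipv4.ip_local_reserved_ports=$(add_reserved_port "$1" "$cur")"
}

# Usage on a live box:
#   listeners_on_port 1600 "$(lsof -nP -iTCP:1600 -sTCP:LISTEN)"
#   reserve_port 1600
```

Reserving the port only removes it from automatic assignment (bind() to port 0, or connect() without a bind); a program that explicitly binds 1600 still gets it, which is exactly the case #4 describes, and tcp_wrappers (#3) only decides whether a wrapped daemon accepts an inbound connection, not who may bind. Tying the port to one program needs a mandatory access control policy: with SELinux, `semanage port -a -t <port_type> -p tcp 1600` labels the port so that only domains granted `name_bind` on that type can bind it.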