LinuxQuestions.org forum: Linux - Security. This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
#1  04-16-2007, 09:29 PM  powah (Member; Registered: Mar 2005; Distribution: FC, Gentoo; Posts: 276)
restrict a tcp port to only a specific program
How do I restrict a TCP port to only a specific program (i.e. other programs are not allowed access)?
e.g. restrict access to TCP port 1600 to only the myproc program.
Do I use xinetd?
If yes, what is the configuration file setting?
Last edited by powah; 04-16-2007 at 09:32 PM.
#2  04-16-2007, 09:36 PM  LQ Guru (Registered: May 2005; Location: Atlanta Georgia USA; Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO; Posts: 7,831)
You can't truly restrict it. However, by adding an entry to /etc/services for it you can ensure it isn't opened by programs that need a random port. Often your issue is simply that something requested a random port and got the one you want.
However, if you have two separate programs that are configured to specifically ask for port 1600, then the first one that gets it gets it. The only way to change that is to change the configuration of one of the two programs so that it doesn't request port 1600.
#3  04-16-2007, 10:51 PM  Senior Member (Registered: Nov 2005; Distribution: Debian, Arch; Posts: 3,794)
Couldn't you use /etc/hosts.allow, like this?
Code:
    ALL : ALL : aclexec [ '%R' != 1600 ] || [ '%d' == myproc ]
I think this should only allow programs to listen on ports other than 1600 unless their name is myproc. Doesn't work for clients, though...
Man pages: hosts_options(5) and hosts_access(5).
#4  04-17-2007, 08:03 AM  LQ Guru (Registered: May 2005; Location: Atlanta Georgia USA; Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO; Posts: 7,831)
I don't know if that would work (not saying it won't; I haven't tried it). It doesn't really "reserve" the port, though; it just keeps your other programs that try to use it from running.
My point is that if you have a program that is configured to explicitly open port 1600, rather than one that is getting it randomly, blocking the port isn't really the solution. Sure, you might get another program that explicitly opens 1600 working, but the first program won't work at all because it requires 1600.
It is much better to try doing the /etc/services setup to prevent random use of port 1600. If you still have something using port 1600 after that, you should be able to figure it out with lsof as noted earlier, and then you should change one of the competing programs to use a different explicit port (or, if you don't need the other to run, you should modify your setup so it doesn't try to start, rather than blocking it from starting properly; why waste CPU cycles on something that shouldn't run?).
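As an added example (not code from the thread or from any of the posters), here is a small POSIX shell script that makes the checks described in posts #2 and #4 reproducible: whether the port is named in /etc/services, whether it sits inside the kernel's ephemeral port range, and which process currently holds it. Two facts worth keeping in mind when reading the thread: /etc/services is only a name lookup table for getservbyname() and does not stop any program from calling bind() on a port, and the kernel's random port allocation is governed by net.ipv4.ip_local_port_range and, on Linux 2.6.35 and later, net.ipv4.ip_local_reserved_ports, not by /etc/services. The file name portcheck.sh, the service name myproc, and the sample ss output are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. Checks for TCP port 1600 (or any
# port): is it named in /etc/services, can the kernel hand it out as a random
# ephemeral port, and which process holds it right now.
# Assumes Linux with /proc/sys/net/ipv4/ip_local_port_range and iproute2 `ss`.
# The service name "myproc" and the file name portcheck.sh are hypothetical.

# 1. Is PORT/tcp registered in a services file (default /etc/services)?
#    Prints the service name and returns 0 if found, 1 otherwise.
#    Note: this is only a name lookup table (getservbyname); it does not
#    stop any program from calling bind() on the port.
port_in_services() {
    port="$1"; file="${2:-/etc/services}"
    awk -v p="$port" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }   # comments, blanks
        {
            sub(/#.*/, "")                # strip trailing comment, re-split
            split($2, a, "/")             # "1600/tcp" -> a[1]=1600 a[2]=tcp
            if (a[1] == p && a[2] == "tcp") { print $1; found = 1 }
        }
        END { exit found ? 0 : 1 }' "$file"
}

# 2. Does PORT lie inside the kernel ephemeral range?  RANGE defaults to the
#    live value of /proc/sys/net/ipv4/ip_local_port_range ("32768 60999").
#    If it does, a program that asks for port 0 can still be given it; on
#    Linux >= 2.6.35 net.ipv4.ip_local_reserved_ports excludes it from that.
port_in_ephemeral_range() {
    port="$1"; range="${2:-$(cat /proc/sys/net/ipv4/ip_local_port_range)}"
    set -- $range                         # $1=low $2=high (function-local)
    [ "$port" -ge "$1" ] && [ "$port" -le "$2" ]
}

# 3. Which process listens on PORT?  Parses `ss -ltnp` output from stdin so
#    it can be run on a captured sample; prints "pid name", returns 1 if none.
listener_of_port() {
    port="$1"
    awk -v p="$port" '
        NR == 1 { next }                              # header row
        {
            n = split($4, a, ":")                     # 0.0.0.0:1600 or [::]:1600
            if (a[n] != p) next
            # Process column looks like users:(("myproc",pid=4242,fd=5))
            if (match($0, /\(\("[^"]*",pid=[0-9]+/)) {
                s = substr($0, RSTART + 3, RLENGTH - 3)   # myproc",pid=4242
                split(s, b, "\",pid=")
                print b[2], b[1]; found = 1
            }
        }
        END { exit found ? 0 : 1 }'
}

# Put the three checks together for one port on this host.
report_port() {
    port="$1"
    if name=$(port_in_services "$port"); then
        echo "port $port/tcp is in /etc/services as: $name"
    else
        echo "port $port/tcp is not in /etc/services"
    fi
    if port_in_ephemeral_range "$port"; then
        echo "port $port is inside the ephemeral range; random allocation can still use it"
        echo "  (exclude it with: sysctl -w net.ipv4.ip_local_reserved_ports=$port)"
    else
        echo "port $port is outside the ephemeral range"
    fi
    if who=$(ss -ltnp 2>/dev/null | listener_of_port "$port"); then
        echo "port $port is currently held by pid/name: $who (run as root to see all users)"
    else
        echo "nothing is listening on port $port right now"
    fi
}

# Usage: sh portcheck.sh --check 1600   (no arguments: only defines the functions)
case "${1:-}" in
    --check) report_port "${2:-1600}" ;;
esac
```

Run it as root if you want the pid/name column of ss to be populated for processes owned by other users; as an unprivileged user it still reports whether the port is in use. The parsers take their input as arguments or on stdin so they can be exercised against a saved copy of /etc/services or a captured ss listing rather than only against the live host.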