Re: Patch to make postmaster bind to only to localhost.

On Sun, 10 Sep 2000, John C. Quillan wrote:

> The company I work, DataSoft, for is doing a web based project
> that uses Java and the JDBC driver for postgres.  Aperently the
> developers have told me that the JDBC requires the -i option on
> postmaster. The only problem is this leves a visibility to the
> outside world that we are using postmaster, or some other service.
> Now we do have the pg_hba.conf configured to allow connections
> from only that box it self, but you can never be two parinoid.

The following might also do the trick, btw...

/sbin/ipchains -A input -j REJECT -p tcp -d put.your.ip.here 5432 -i eth0 -l

.. add lines for all other interfaces you want to block ...

This causes any TCP connections to port 5432 on that IP address/interface
to be rejected with a connection refused.

I've used this for years on my box, and only ever gotten 2 attempted
connects.

Don't take me wrong - I would like to see some kind of abillity to
selectively bind to certain IP's - configfile a'la httpd.conf.


--
Dominic J. Eidson
                                        "Baruk Khazad! Khazad ai-menu!" - Gimli
-------------------------------------------------------------------------------
http://www.the-infinite.org/              http://www.the-infinite.org/~dominic/