Обсуждение: Impossible to bind to a specific IP address
Hi,
As far as I can tell from the documentaion, it is impossible to tell the
postmaster daemon to bind to just a single IP address - only to a
specific port on all IP addresses. This makes hardening the box
postgresql is running on impossible.
Is there a workaround to this? (other than trying to firewall off the
ports - the box needs to be protected from other boxes nearby - it is in
an insecure environment).
Regards,
Graham
--
-----------------------------------------
minfrin@sharp.fm "There's a moon
over Bourbon Street
tonight..."
Graham Leggett <minfrin@sharp.fm> writes:
> As far as I can tell from the documentaion, it is impossible to tell the
> postmaster daemon to bind to just a single IP address
Sure you can, assuming you're running a current release. See
VIRTUAL_HOST config parameter or equivalent -h commandline switch.
regards, tom lane
> Hi, > > As far as I can tell from the documentaion, it is impossible to tell the > postmaster daemon to bind to just a single IP address - only to a > specific port on all IP addresses. This makes hardening the box > postgresql is running on impossible. > > Is there a workaround to this? (other than trying to firewall off the > ports - the box needs to be protected from other boxes nearby - it is in > an insecure environment). In 7.1.X you can bind to a specific IP. See postmaster -h flag. Not sure about 7.0.X releases. -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 853-3000 + If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill, Pennsylvania 19026