On 8/31/19 6:45 PM, John Harris wrote: > On Friday, August 30, 2019 4:33:11 AM MST Björn Persson wrote: >> John Harris wrote: >>> Thing is, binding a port and expecting it to be open to every network >>> interface you've got are two very different things. >> Once again John Harris is completely wrong. The bind system call is >> precisely how a program specifies which network interfaces it wants to >> open a socket to. A program that calls bind with IN6ADDR_ANY_INIT or >> INADDR_ANY and a specific port number expects that port to be open to >> every network interface the computer has. >> >> A program that doesn't intend to listen on every network interface will >> bind to an IP address assigned to one interface to listen only on that >> network, or maybe a localhost address to listen only on the loopback >> interface. The port and the network interface are specified together in >> a single sockaddr object passed to a single system call, so it's very >> much the same thing. >> >> Björn Persson > This is a bit hostile, and certainly comes off as passive aggressive. When you > bind a port, it isn't open on every interface unless you specify that, you're > partially correct. Many programs, however, bind all interfaces regardless. For > example, dnsmasq does this by default, and many other programs do it without a > configuration option on ports. So, while the software may be open to all ports > because of the code itself, that is often not the intention. Many programs > just bind all interfaces, and expect that you'll configure your firewall to > whatever should be able to access the network service it's serving. > > Programs that don't intend to listen on every interface generally don't bind > only to one interface, though they should. Especially not proprietary > software. If an interface is not specified, you get all interfaces bound. > > binding a port has nothing to do with opening a socket to something else. In > nearly all cases, it's used to open your system to incoming connections. Additionally, binding to a specific address does not handle dynamic networks very well. Programs would need to be reconfigured and restarted to handle the machine being connected to a different network, or an IP address change on an existing network. Binding to null address and taking advantage of firewall zones works well for situations where the program should be accessible on one network (or one class of networks) but not another (even when connected to both networks simultaneously). _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx