"Listen on" semantics (was: Re: [ntp:questions] Re: recvfrom( fd=51: Connection refused)

Luc Pardon xntp at skopos.be
Wed Sep 13 12:00:08 UTC 2006

Danny Mayer wrote:
> Luc Pardon wrote:
>>     In any case, it looks like it will always listen on and on
>> the wildcard interface, there is no way to disable those.
> Right. That was deliberate. You always want to listen on those addresses
> as well as ::1 and ::. Is there and issue with that?

    That depends on one's definition of "issue" <g>.

    In my view it certainly does not meet the "principle of least 
surprise". It might be OK now because of the single -I limitation. But 
as soon as we can specify multiple addresses, if I want it to listen on I will tell it to. I mean, I would expect this to be "all or 
nothing": Either I let it use the defaults, or I take control. As it is 
now, it is a little bit of both and that is, well, surprising.

    There is also the issue of security. It is generally accepted as 
common sense that one should only install and run the services and open 
the ports that are absolutely needed.

    You may argue that in this particular case it doesn't hurt, and you 
may or may not have a point. But from the "common sense" point of view 
that is irrelevant. The only question is: do I absolutely need it under 
all circumstances? If not, don't open it.

    Just my 0.02 Euro.


More information about the questions mailing list