On 2006-10-11 mcr@sandelman.ottawa.on.ca wrote:
> >>>>> "Thor" == Thor Lancelot Simon <tls@rek.tjls.com> writes:
>     Thor> I think that if we provided sane primitives for discovering
>     Thor> the set of valid destination addresses for a host, and binding
>     Thor> a socket so that it would receive packets on _some addresses_
>     Thor> (not one, and not all) it would be easy to add the kind of
>     Thor> access control you seem to want (and which a lot of other
>     Thor> people would probably like as well) to our applications.
>
>     Thor> In this case, we would add it to mountd, rpcbind, and the
>     Thor> in-kernel NFS server.  It would be a nice example of the
>     Thor> interface, actually.
>
>   I agree strongly.

  But should individual applications need to know about it?  An
alternative would be to let, say, inetd determine this even for separate
servers and provide a notification interface if the server really needs to
know what interface/address(s) it is listening on.

Matthew Orgass
darkstar@city-net.com