On Mon, 05 Jan 2009 22:59:46 -0200, James Mills
<prolo...@shortcircuit.net.au> wrote:
> On Tue, Jan 6, 2009 at 10:49 AM, Bryan Olson <fakeaddr...@nowhere.org>
> wrote:
> I thought a firewall would block an attempt to bind to any routeable
> address, but not to localhost. So using INADDR_ANY would be rejected.
> No.
> My understanding is that firewalls block network traffic, not system
> calls.
> This is correct. Firewalls (real firewalls) can only act on incoming
> and outgoing traffic on the IP level.
That's true for hardware firewalls (those found in a router, for example).
They can at most analyze traffic at the application layer but have no idea
of the applications (processes) behind.
A "software firewall" may react not just to traffic but to *who* is doing
that; it may block *processes* when they try to bind/listen to any port,
even before any packet is sent or received. See
http://www.securityfocus.com/infocus/1839
(One may argue whether those are *real* firewalls or not, but that's their
common name...)
(Also note that I'm far from being an expert on these topics)
--
Gabriel Genellina
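
The distinction drawn in this thread, as an added example that is not part of the original message: a Python probe that reports whether a listener fails at the bind()/listen() system call or only when a connection is attempted. The name probe_listen and its result fields are assumptions made for illustration, as is the idea that a per-process block surfaces as an error from the call.

```python
import errno
import socket


def _err(exc):
    # Symbolic errno name when available (e.g. EADDRINUSE), else the message.
    return errno.errorcode.get(exc.errno, str(exc))


def probe_listen(host, port=0, timeout=2.0):
    """Run bind -> listen -> self-connect and report the first stage that fails."""
    result = {"host": host, "stage": "ok", "error": None, "bound": None}
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        try:
            srv.bind((host, port))
        except OSError as exc:
            # Refused at the system call: no packet has been sent or received yet.
            result.update(stage="bind", error=_err(exc))
            return result
        result["bound"] = srv.getsockname()
        try:
            srv.listen(1)
        except OSError as exc:
            result.update(stage="listen", error=_err(exc))
            return result
        # INADDR_ANY is not a destination address; reach the listener via loopback.
        target = "127.0.0.1" if host in ("", "0.0.0.0") else host
        try:
            with socket.create_connection((target, result["bound"][1]), timeout):
                pass
        except OSError as exc:
            # The calls succeeded but the connection did not: a traffic-level failure.
            result.update(stage="connect", error=_err(exc))
        return result
    finally:
        srv.close()


if __name__ == "__main__":
    for addr in ("127.0.0.1", "0.0.0.0"):  # loopback only vs. INADDR_ANY
        print(probe_listen(addr))
```

A "bind" or "listen" stage means the failure happened before any traffic existed, which is where the process-aware software firewall described above would act; a "connect" stage means the calls succeeded and the failure is at the traffic level.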