[Pkg-mpd-maintainers] Bug#785418: Bug#785418: mpd: port 6600 is exposed to non-localhost despite `bind_to_address "localhost"`
Florian Schlichting
fsfs at debian.org
Mon May 18 08:48:08 UTC 2015
Hi Jonathan,
> I configured mpd with `bind_to_address "localhost"`, to make it only
> locally available, but netstat shows this:
>
> > tcp6 0 0 [::]:6600 [::]:* LISTEN 1/systemd
>
> Although not shown in netstat output (?), mpd is available in the LAN
> via IPv4, too.
you're obviously using systemd to start mpd via socket activation. The
way systemd creates the socket and thus makes mpd available on the
network is not determined by the mpd configuration, but through the
systemd unit called mpd.socket, and mpd itself is not able to change the
settings made in the socket unit when it has actually been started, i.e.
the bind_to_address directive becomes ineffective with socket
activation.
The default mpd.socket unit makes mpd available via both IPv4 and IPv6
on all interfaces, so you'll likely want to customize the ListenStream
directive in a local copy. I'm not sure if this classifies as "systemd
common knowledge" that we still need a little time to thoroughly grasp,
or if a helpful comment in the mpd sample configuration is called for?
Florian
More information about the Pkg-mpd-maintainers
mailing list