Normally, the IPC as configured in use is restricted to localhost (127.0.01) but a case has come up where a user requires the IPC connection to work additionally from a remote IP.
If, in the call to the bind(2), I populate the relevant structure with the remote IP address, will I still be able to have other local processes connect to that port (from localhost)?
I’m not certain that this is same as How to bind a socket to multiple interfaces
Advertisement
Answer
You don’t call bind with the remote IP address. That will not do what you think it will do.
Instead, you’ll need to bind to INADDR_ANY and then drop any incoming connection that isn’t from an allowed IP address.
An even better approach is to also have a firewall rule (iptables) that will block incoming connections to your listening port that isn’t from the approved list of remote IPs.
When you accept the connection, check the remote address returned from that call. Close the socket if it’s not from 127.0.0.1 or the allowed remote IP address.
Ideally, you also have a secure SSL-like validation, auth token validation, or something beyond IP address to validate the authenticity of the node connecting to you.