From 31e4ea727945ba3f746cdfb1dcd647ea469b4af5 Mon Sep 17 00:00:00 2001
From: jbjohnso
Date: Mon, 14 Apr 2008 15:17:26 +0000
Subject: [PATCH] -Explicitly bind stunnel to localhost to reduce security exposure

git-svn-id: https://svn.code.sf.net/p/xcat/code/xcat-core/trunk@1046 8638fb3e-16cb-4fca-ae20-7b5d299a9bcd
---
 xCAT-nbroot/overlay/etc/init.d/S11stunnel | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/xCAT-nbroot/overlay/etc/init.d/S11stunnel b/xCAT-nbroot/overlay/etc/init.d/S11stunnel
index 9103c651a..23b1b5fee 100755
--- a/xCAT-nbroot/overlay/etc/init.d/S11stunnel
+++ b/xCAT-nbroot/overlay/etc/init.d/S11stunnel
@@ -15,18 +15,17 @@ mkdir -p /etc/stunnel
 echo 'client=yes' > /etc/stunnel/stunnel.conf
 echo 'foreground=yes' >> /etc/stunnel/stunnel.conf
 echo 'output=/dev/null' >> /etc/stunnel/stunnel.conf
-#echo 'socket=a:SO_BINDTODEVICE=lo' >> /etc/stunnel/stunnel.conf
 echo 'verify=0' >> /etc/stunnel/stunnel.conf
 if [ ! -z "$XCATDEST" ]; then
 echo '[xcatds]' >> /etc/stunnel/stunnel.conf
- echo 'accept=301' >> /etc/stunnel/stunnel.conf
+ echo 'accept=127.0.0.1:301' >> /etc/stunnel/stunnel.conf
 echo 'connect='$XCATDEST >> /etc/stunnel/stunnel.conf
 fi
 if [ -r /tmp/dhcpserver ]; then
 let i=400;
 for srv in `cat /tmp/dhcpserver`; do
 echo "[xcatd$i]" >> /etc/stunnel/stunnel.conf
- echo "accept=$i" >> /etc/stunnel/stunnel.conf
+ echo "accept=127.0.0.1:$i" >> /etc/stunnel/stunnel.conf
 echo "connect="$srv":"$XCATPORT >> /etc/stunnel/stunnel.conf
 let i=i+1
 done
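Review bot: `verify=0` is still written to the generated stunnel.conf a few lines above the first `accept=` change, so the loopback binding limits who can reach the listeners but the client side still accepts any certificate from `$XCATDEST` and from each address read out of /tmp/dhcpserver. If the netboot image can carry the management CA, that line could become `echo 'verify=2' >> /etc/stunnel/stunnel.conf` together with `echo 'CAfile=<CA_BUNDLE_PATH>' >> /etc/stunnel/stunnel.conf` (placeholder path); whether such a file is available at this boot stage is not visible here. With the commented-out SO_BINDTODEVICE line removed, a short comment above the `accept=` lines such as `# listen on loopback only; local tools reach xcatd through this tunnel` would keep the intent in the file. The script starts before this hunk and continues after it, so how stunnel is launched is not shown.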