I noticed that the gmond port although configured to serve xml on localhost and work over the local multicast network it still allows people to connect from other ips. It doesn't serve xml to these ips but the user can still hang around with an active connection, i.e. using telnet is a simple way to test this -- after hitting return the connection is closed again. Wouldn't it make more sense to to just drop/defer the connection right away? tcpserver is an example of a program that does this when the max number of connections have been reached, it gracefully discards any further connection attempts -- or connection attempts from ips you don't want to serve.
I realize the gmond process runs setuid under another account, i.e. nobody, but what are your thougths on configuring an additional firewall rule to block gmond 8649 versus having gmond modified to drop the connection right away. I figure its better to do it in gmond and not have a tcp connection potentially hanging around than to load the firewall with another rule. What are the reasons for the current behavior/feature? Lester
