Mags Phangisa wrote:
Is there a way to ensure that a FB database listens only to localhost as a way of increased security?
Mark answers:
Just set the RemoteBindAddress setting in firebird.conf and restart the server. This will bind Firebird to the network interface specific to that address.
Michael Weissenbacher adds:
For classic on Linux you need to add "bind" to xinetd.conf:
service gds_db
{
disable = no
bind = 127.0.0.1
...
}
Thomas Steinmaurer adds:
If you are on 2.1 or later, you could write an ON CONNECT trigger, which throws an exception if the client ip (using RDB$GET_CONTEXT) is different to 127.0.0.1 or 'localhost'.