I'm not clear what you think is happening, and what you want to happen.
bind-interfaces works for tftp; there will be a socket for each address on each valid interface bound to that address and port 69
no-dhcp-interface does indeed suppress tftp on that interface too, and is documented so to do.
Cheers, Simon. On 16/02/2022 13:42, Martin-Éric Racine wrote: > Package: dnsmasq > Version: 2.85-1 > Severity: important >
If 'enable-tftp' is set, the TFTP server appears on all interfaces. It completely disregards bind-interfaces and friends. One would think that TFTP would only be offered on interfaces where dnsmasq happens to offer DHCP services (since DHCP essentially is a superset of BOOTP, to which TFTP is related), but apparently not. The relevant part of my config: bind-interfaces interface=br0 except-interface=enp4s0 no-dhcp-interface=enp4s0 IMHO, the only service that dnsmasq should offer on both loopback and 'interface' is DNS. It ought to be possible to bind every other service that dnsmasq can offer to specific interfaces. If the above already is possible, but my particular combination of bind-interfaces/interface/except-interface/no-dhcp-interface prevents that, I welcome tips on how to fix it. Martin-Éric -- System Information: Debian Release: 11.2 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable-debug'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-11-amd64 (SMP w/8 CPU threads) Locale: LANG=fi_FI.utf8, LC_CTYPE=fi_FI.utf8 (charmap=UTF-8), LANGUAGE=fi:en Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages dnsmasq depends on: ii dnsmasq-base [dnsmasq-base] 2.85-1 ii init-system-helpers 1.60 ii lsb-base 11.1.0 ii netbase 6.3 ii runit-helper 2.10.3 dnsmasq recommends no packages. Versions of packages dnsmasq suggests: pn resolvconf <none> -- no debconf information
