Re: Listening on specific interfaces
From: Paul Heinlein
Subject: Re: Listening on specific interfaces
Date: Mon, 25 Aug 2003 10:20:50 -0700 (PDT)

On Mon, 25 Aug 2003 Mark.Burgess@iu.hio.no wrote:
> 0.0.0.0 is not a specific interface but a wildcard IP address. It
> means "allow connections from any client". If you bind to a specific
> IP then you might restrict to traffic from a single host, but is
> that very useful?

Sure:

1. If a client is multi-homed, the policy host currently has to have
   root-${if-1}.pub and a symlink pointing to it for each additional
   interface. This is a hack we've already had to implement for a
   couple hosts.

2. Likewise, the policy host could have multiple interfaces, but the
   clients could always count on
   /var/cfengine/ppkeys/root-${ipaddr}.pub, without having to resort
   to having symlinks to the policy host's public key for each of the
   policy host's ${ipaddr}. Our policy host is single-homed, so this
   isn't something we've had to implement.

3. If a client host has one leg on a trusted network and one leg on a
   public network, it'd be helpful to bind cfengine only to the
   trusted interface.

-- Paul Heinlein <heinlein@cse.ogi.edu>
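
An added example (not part of the message above and not cfengine code) illustrating point 3: a listener bound to 0.0.0.0 answers on every local address, while one bound to a single address is unreachable through the others. The two addresses are constructed stand-ins for the trusted and public legs and assume a Linux host, where all of 127.0.0.0/8 is on the loopback interface.

```python
import socket

# Constructed stand-ins for the two legs of a dual-homed host (assumption:
# Linux, where every 127.x.y.z address is local to the loopback interface).
TRUSTED = "127.0.0.1"   # plays the trusted-network address
PUBLIC = "127.0.0.2"    # plays the public-network address


def listen_on(bind_addr):
    """Return a TCP listener bound to bind_addr on an ephemeral port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((bind_addr, 0))        # port 0: let the kernel pick a free port
    srv.listen(5)
    return srv


def reachable(dest_addr, port, timeout=1.0):
    """True if a TCP handshake to dest_addr:port completes."""
    try:
        with socket.create_connection((dest_addr, port), timeout=timeout):
            return True
    except OSError:                 # refused, unreachable or timed out
        return False


def exposure(bind_addr):
    """Bind a listener to bind_addr and report which local addresses it answers on."""
    srv = listen_on(bind_addr)
    try:
        port = srv.getsockname()[1]
        return {dest: reachable(dest, port) for dest in (TRUSTED, PUBLIC)}
    finally:
        srv.close()


if __name__ == "__main__":
    for bind_addr in ("0.0.0.0", TRUSTED):
        print("bound to %-9s -> %s" % (bind_addr, exposure(bind_addr)))
```

On a real dual-homed host, `ss -ltn` or `netstat -ltn` shows the same distinction in the local-address column of the listening socket.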