|
From: | Tor Rune Skoglund |
Subject: | Re: listen on specific network interfaces |
Date: | Thu, 16 Apr 2020 08:27:42 +0200 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.6.0 |
Hi Gary,
On Wed, 15 Apr 2020 09:15:13 +0200 Steffen Sledz <address@hidden> wrote:According to the manpage the -G flag enables listening on all addresses (INADDR_ANY) rather than just the loop back (INADDR_LOOPBACK) address.Yup.This is unfortunately a little too unspecific for us.Could be.Is it possible to specify specific interfaces to listen on?Possible, if you want to send patches to put a bunch of firewall code into gpsd. Other daemons have done that, but it is never good enough. You already have a fantastic fancy firewall on your host. Well documented, well debugged, the best of the best checking it for bugs and holes. And backed up by tools such as fail2ban for defense in depth. This is UNIX: do one thing do it well. gpsd does GNSS well. Leave the firewall stuff to the firewall people.
I see your point, Gary, but there are situations where firewall/iptables settings do not necessarily easily apply, like when using various types of container solution with shared networking and such. Therefore, the option to specify specific ip addresses or interfaces til listen on would be good to have.
BR,
Tor Rune Skoglund
[Prev in Thread] | Current Thread | [Next in Thread] |