http://0pointer.net/blog/ip-accounting-and-access-lists-with-systemd.html "All traffic from and to this address will be prohibited for processes of the service" is nice in theory but let's say we have a internal webserver which needs to make curl calls to the internet IPAddressDeny=any IPAddressAllow=localhost IPAddressAllow=10.0.0.0/8 IPAddressAllow=192.168.0.0/16 IPAddressAllow=172.16.0.0/12 can not be used IPAddressDenyIn=any IPAddressAllowIn=localhost IPAddressAllowIn=10.0.0.0/8 IPAddressAllowIn=192.168.0.0/16 IPAddressAllowIn=172.16.0.0/12 would be broadly useable _______________________________________________ systemd-devel mailing list systemd-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/systemd-devel
IPAddressDeny/IPAddressAllow is too limited ot be useful
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: IPAddressDeny/IPAddressAllow is too limited ot be useful
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Date: Sun, 23 Dec 2018 02:17:35 +0100
- Openpgp: id=9D2B46CDBC140A36753AE4D733174D5A5892B7B8; url=https://arrakis-tls.thelounge.net/gpg/h.reindl_thelounge.net.pub.txt
- Organization: the lounge interactive design
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.3.3
- Follow-Ups:
- Re: IPAddressDeny/IPAddressAllow is too limited ot be useful
- From: Lennart Poettering
- Re: IPAddressDeny/IPAddressAllow is too limited ot be useful
- Prev by Date: systemd 240 released
- Next by Date: Suspend issues
- Previous by thread: systemd 240 released
- Next by thread: Re: IPAddressDeny/IPAddressAllow is too limited ot be useful
- Index(es):
 |