gpsd-users

Re: listen on specific network interfaces


From: Mike Simpson
Subject: Re: listen on specific network interfaces
Date: Thu, 16 Apr 2020 12:30:29 +0100

If you’re using containers then you have way more fundamental network security problems than gpsd listening on all or loopback. 

On 16 Apr 2020, at 07:28, Tor Rune Skoglund <address@hidden> wrote:



Hi Gary,


On 15.04.2020 23:54, Gary E. Miller wrote:
> On Wed, 15 Apr 2020 09:15:13 +0200
> Steffen Sledz <address@hidden> wrote:
>
> > According to the manpage the -G flag enables listening on all
> > addresses (INADDR_ANY) rather than just the loop back
> > (INADDR_LOOPBACK) address.
>
> Yup.
>
> > This is unfortunately a little too unspecific for us.
>
> Could be.
>
> > Is it possible to specify specific interfaces to listen on?
>
> Possible, if you want to send patches to put a bunch of firewall code
> into gpsd.  Other daemons have done that, but it is never good enough.
>
> You already have a fantastic fancy firewall on your host.  Well
> documented, well debugged, the best of the best checking it for bugs and
> holes.  And backed up by tools such as fail2ban for defense in depth.
>
> This is UNIX: do one thing do it well.  gpsd does GNSS well.  Leave
> the firewall stuff to the firewall people.

I see your point, Gary, but there are situations where firewall/iptables settings do not necessarily easily apply, like when using various types of container solutions with shared networking and such. Therefore, the option to specify specific IP addresses or interfaces to listen on would be good to have.

BR,

Tor Rune Skoglund
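
An added example, not part of the thread and not gpsd project code: a small audit that classifies gpsd listeners as loopback-only (the default) or bound to all interfaces (the `-G` behaviour discussed above), so a host firewall rule can be checked against what is actually exposed. It assumes gpsd is on its default TCP port 2947 and that the input is `ss -H -ltn` output; the sample lines are constructed.

```python
import ipaddress

GPSD_PORT = 2947  # gpsd's default TCP port (assumption: default port in use)

def classify_listener(local):
    """Classify one 'addr:port' field from `ss -H -ltn` output."""
    host, _, port = local.rpartition(":")
    if not port.isdigit() or int(port) != GPSD_PORT:
        return None                          # not the gpsd port
    host = host.split("%")[0].strip("[]")    # drop %iface scope and IPv6 brackets
    if host == "*":
        return "all-interfaces"              # dual-stack wildcard
    addr = ipaddress.ip_address(host)
    if addr.is_unspecified:                  # 0.0.0.0 or :: (INADDR_ANY)
        return "all-interfaces"
    if addr.is_loopback:                     # 127.0.0.0/8 or ::1
        return "loopback-only"
    return "specific-address"

def audit(ss_output):
    """Return {local_address: classification} for gpsd listeners."""
    findings = {}
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        verdict = classify_listener(fields[3])
        if verdict:
            findings[fields[3]] = verdict
    return findings

# Constructed sample output, not captured from a real host.
SAMPLE_DEFAULT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:2947 0.0.0.0:*
LISTEN 0 5 [::1]:2947 [::]:*
"""
SAMPLE_WITH_G = """\
LISTEN 0 5 0.0.0.0:2947 0.0.0.0:*
LISTEN 0 5 [::]:2947 [::]:*
"""

def exposed(ss_output):
    """True if any gpsd listener is reachable beyond loopback."""
    return any(v != "loopback-only" for v in audit(ss_output).values())

if __name__ == "__main__":
    for name, sample in (("default", SAMPLE_DEFAULT), ("-G", SAMPLE_WITH_G)):
        print(name, audit(sample), "exposed:", exposed(sample))
```

In containers with shared networking, run the check inside the network namespace gpsd actually uses, since that is where its sockets are visible.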


