On Wed, Aug 30, 2023 at 10:19:56AM +0300, CpServiceSPb wrote: > There are some multihomed computers which have several network interfaces, > for example lan, wif1i, wifi2, dmz, wan. > At the time chrony are binded either to 0.0.0.0 address, which is meaning " > listen on every available network interface " or only once specified > interface/address by "bind..." directives. > Yes, there is "allow" directive as well. > But anyway there is listening to all the interfaces remaining, that is not > good.
Why is it not good? Is it meant to be a security measure? Would firewall not work better? > Dear developers, please add availability of binding to several interfaces > specified in conf file may be by specifying multiple times of binddevice > or bindaddress, for example: > bindaddress192.168.0.0/24 # lan > bindaddress172.10.0.0/24 # dmz For compatibility with current configuration, which effectively applies only the last occurence per IPv4/IPv6, I think it would need to be specified on one line like this bindaddress 192.168.0.0/24 172.10.0.0/24 It can be implemented, but there should be a good use case for it. -- Miroslav Lichvar -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
