> Why is it not good? Is it meant to be a security measure? Would firewall
> not work better?
There are sockets in a system.
Sometimes a firewall can pass packets due to its malfunction or
inaccurate settings.
If there are no extra sockets it is much, much better for security.

> For compatibility with current configuration, which effectively applies
> only the last occurrence per IPv4/IPv6, I think it would need to be
> specified on one line like this
> bindaddress 192.168.0.0/24 172.10.0.0/24
It seems a very good way in this case.

> It can be implemented, but there should be a good use case for it.
I liked Chrony and will use it instead of NTPd on 3 of 5 interfaces of the
server.
One thing that stopped me from using Chrony on a real server is the lack of
multiple bindings.






Wed, 30 Aug 2023 at 11:40, Miroslav Lichvar <mlich...@redhat.com>:

> On Wed, Aug 30, 2023 at 10:19:56AM +0300, CpServiceSPb wrote:
> > There are some multihomed computers which have several network
> > interfaces, for example lan, wifi1, wifi2, dmz, wan.
> > At the time chrony is bound either to the 0.0.0.0 address, which
> > means "listen on every available network interface", or only once
> > specified interface/address by "bind..." directives.
> > Yes, there is the "allow" directive as well.
> > But anyway there is listening to all the interfaces remaining, that is
> > not good.
>
> Why is it not good? Is it meant to be a security measure? Would
> firewall not work better?
>
> > Dear developers, please add availability of binding to several interfaces
> > specified in the conf file, maybe by specifying binddevice or bindaddress
> > multiple times, for example:
> > bindaddress 192.168.0.0/24 # lan
> > bindaddress 172.10.0.0/24 # dmz
>
> For compatibility with current configuration, which effectively
> applies only the last occurrence per IPv4/IPv6, I think it would need
> to be specified on one line like this
>
> bindaddress 192.168.0.0/24 172.10.0.0/24
>
> It can be implemented, but there should be a good use case for it.
>
> --
> Miroslav Lichvar
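The compatibility point from the quoted reply (only the last `bindaddress` occurrence per IPv4/IPv6 takes effect), shown as an added example that is not part of the thread or of chrony's code: an audit of chrony.conf text that reports overridden lines and address families left on a wildcard bind. The sample config, the addresses in it and the function names are constructed here, and the check assumes each `bindaddress` value is a single IP address rather than a subnet.

```python
import ipaddress

# Constructed sample: two IPv4 bindaddress lines written in the hope that
# both apply, as in the original request (host addresses are made up).
SAMPLE_CONF = """\
pool pool.example.org iburst
allow 192.168.0.0/24
bindaddress 192.168.0.1
bindaddress 172.10.0.1
"""

def effective_bind(conf_text):
    """Return (effective, shadowed, invalid) for bindaddress directives.

    Models the behaviour described in the thread: only the last
    occurrence per address family (IPv4/IPv6) takes effect.
    """
    effective = {4: None, 6: None}
    shadowed, invalid = [], []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        fields = raw.split()
        # Commented-out lines never match: their first field is not the name.
        if len(fields) < 2 or fields[0].lower() != "bindaddress":
            continue
        try:
            addr = ipaddress.ip_address(fields[1])
        except ValueError:
            invalid.append((lineno, fields[1]))  # e.g. a subnet like x.x.x.x/24
            continue
        if effective[addr.version] is not None:
            shadowed.append(effective[addr.version])
        effective[addr.version] = (lineno, str(addr))
    return effective, shadowed, invalid

def audit(conf_text):
    """List findings the admin of a multihomed host should review."""
    effective, shadowed, invalid = effective_bind(conf_text)
    findings = [f"line {n}: bindaddress {a} is overridden by a later line"
                for n, a in shadowed]
    findings += [f"line {n}: '{v}' is not a single IP address"
                 for n, v in invalid]
    findings += [f"IPv{ver}: no bindaddress (wildcard bind)"
                 for ver, entry in effective.items() if entry is None]
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```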