On Thu, Feb 12, 2009 at 6:36 PM, Gordon Sim <g...@redhat.com> wrote: > Aidan Skinner wrote: >> >> I've been writing up a proposed implementation for adding IP >> Whitelisting to the Java broker on the wiki at >> http://qpid.apache.org/ip-whitelisting.html >> >> Feedback gratefully received. > > What are the advantages of doing this in the broker as opposed to using a > separate firewall?
Primarily that it's possible to restrict access to a particular virtualhost, rather than the whole broker. As a secondary benefit it's possible to reconfigure without having to restart the network stack and drop existing connections. Personally, I'd be running different virtualhosts in different instances and using the firewall but that's me. There's a particular user that requested this functionality who sees things differently and doesn't necessarily have access to the firewall on those machines in any case. - Aidan -- Apache Qpid - World Domination through Advanced Message Queueing http://qpid.apache.org --------------------------------------------------------------------- Apache Qpid - AMQP Messaging Implementation Project: http://qpid.apache.org Use/Interact: mailto:dev-subscr...@qpid.apache.org
