Yo Mark!

On Fri, 1 Jun 2018 20:06:44 -0700
Mark Atwood via devel <devel@ntpsec.org> wrote:

> But I do understand the pushback against that from GEM, and have been
> thinking about it for the past few days.

I'm all for iptables, or at least the modern equivalent. But iptables
does not address the issue of binding to some local IPs, and not others.

> As I type and think: one of the fundamental problems with having
> longrunner daemons try to keep track of addresses, address masks, and
> interface names is that interfaces can go down, come up, get renamed,
> and have address masks added and removed from each, and trying to
> keep track of that in userspace is a nightmare.

If a server is renaming your ethernet ports then you got bigger problems
that we can solve.

> As I type and think more, I ask, "What does Chrony do?", and I look
> at [https://chrony.tuxfamily.org/doc/3.3/chrony.conf.html]. It has a
> "bindaddress" directive, which uses IP address, not interface name.

I guess I have been conflating interface name with IP address. You are
right, it is the IP address that is key, not the interface.

> And only one bind address can be specified. It freely admits that
> that means Chrony is not the correct solution for serving down
> multiple controlled interfaces at once. Very simplifying, but not
> what we want.

So allow binding to more than one IP address. At a minimum most will
want two: IPv4 and IPv6.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
g...@rellim.com Tel:+1 541 382 8588

Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
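An added illustration of where this message ends up (binding by IP literal, to more than one address, IPv4 and IPv6). It is not code from NTPsec, chrony, or either poster. The names `bind_udp` and `NTP_PORT` and the sample address list are assumptions made for the example; an address that is not configured at bind time is reported instead of being tracked.

```python
import ipaddress
import socket

NTP_PORT = 123  # privileged; the demo below uses port 0 (ephemeral) instead


def bind_udp(addresses, port=NTP_PORT):
    """Bind one UDP socket per IP literal. Returns (bound, failed) dicts."""
    bound, failed = {}, {}
    for text in addresses:
        try:
            ip = ipaddress.ip_address(text)
        except ValueError:
            # Interface names and hostnames are refused: the address is the key.
            failed[text] = "not an IP literal"
            continue
        family = socket.AF_INET6 if ip.version == 6 else socket.AF_INET
        sock = None
        try:
            sock = socket.socket(family, socket.SOCK_DGRAM)
            if family == socket.AF_INET6:
                # Keep the IPv6 socket from also taking IPv4-mapped traffic.
                sock.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, 1)
            sock.bind((str(ip), port))
        except OSError as exc:
            # Typically EADDRNOTAVAIL: the address is not configured right now.
            if sock is not None:
                sock.close()
            failed[text] = exc.strerror or str(exc)
            continue
        bound[text] = sock
    return bound, failed


if __name__ == "__main__":
    # Constructed sample list: loopback v4/v6, a documentation address that
    # should not be configured locally (192.0.2.1), and an interface name.
    wanted = ["127.0.0.1", "::1", "192.0.2.1", "eth0"]
    bound, failed = bind_udp(wanted, port=0)
    for text, sock in bound.items():
        print("listening on", text, "->", sock.getsockname()[:2])
        sock.close()
    for text, reason in failed.items():
        print("skipped", text, "->", reason)
```

Each socket listens only on the address it was given, so traffic arriving on any other local address never reaches the daemon.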