On a non-constrained device, this can be handled by a host firewall, for applications that can't handle it themselves. But it's much more efficient for the app (or iotivity in this case) to be configurable itself rather than relying on a firewall to compensate. For anyone who wants a much deeper discussion on that topic, see IAB RFC 7288 (https://tools.ietf.org/html/rfc7288).
-----Original Message----- From: iotivity-dev-boun...@lists.iotivity.org [mailto:iotivity-dev-boun...@lists.iotivity.org] On Behalf Of Thiago Macieira Sent: Tuesday, December 5, 2017 3:29 PM To: Gregg Reynolds <d...@mobileink.com> Cc: iotivity-dev <iotivity-dev@lists.iotivity.org> Subject: Re: [dev] which libcoap to use in master branch? On Tuesday, 5 December 2017 14:55:09 PST Gregg Reynolds wrote: > Don't mean to try your patience, but I still don't follow. It sounds > like you're describing an ocf service that just happens to run on a > router. In that case there's no question of not accepting ocf local > packets nor of talking to the cloud. No? There would only be an issue > if the OCF service was indeed a router/bridge which could send and receive > stuff on the cloud. > Then you might want to white/black list cloud (tcp/http) addresses. > But that's not an ocf issue, is it? Correct, I was talking about a regular service that just happens to be run on a machine with more than one network interface, one of which is actively hostile. Sure, this device may talk to the Cloud, but that's very different from doing neighbour discovery on the WAN port. With my cable modem, for example, there are anywhere from a few tens to hundreds of other connections on the same bus, from other subscribers to my ISP. This could happen on a phone as well. If I have my IoTivity application running on my phone and I walk out the door, I don't want it to send discovery requests over 3G. It's a PPP connection, so it won't find any neighbours, but I don't want those packets going out anyway. Much less accept incoming packets. -- Thiago Macieira - thiago.macieira (AT) intel.com Software Architect - Intel Open Source Technology Center _______________________________________________ iotivity-dev mailing list iotivity-dev@lists.iotivity.org https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.iotivity.org%2Fmailman%2Flistinfo%2Fiotivity-dev&data=02%7C01%7Cdthaler%40microsoft.com%7C3c9358d07a094b0a5fa008d53c380033%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636481133639003612&sdata=APbCY%2Fy3qpnKcqq1p%2FW9x02hp9MNjTkzTz7NtLrTLa0%3D&reserved=0 _______________________________________________ iotivity-dev mailing list iotivity-dev@lists.iotivity.org https://lists.iotivity.org/mailman/listinfo/iotivity-dev
