> personally I don't think that this sort of filtering belongs in rsyslog,
> it can be done at the OS level (with things like iptables), or rsyslog
> could use the tcpwrappers library. both cases would filter (by IP) prior
> to it hitting rsyslog in the first place.
>
> in addition, with UDP the source IP can be forged easily (rsyslog now
> contains this capability), so as a security measure it's questionable
> anyway.

I agree, but many people seem to use this functionality, and it was introduced some years ago by request. I do not feel comfortable with the idea of removing support for it. The newer protocols do not support ACLs in any case.

Are there some more voices in regard to removing that functionality? Would make the implementation (and probably the throughput) a bit simpler/faster.

> I agree that fewer messages will probably be lost by accepting them and
> checking later than by pausing to do the check initially.

Thanks for voicing this.

Rainer
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com

