[Spread-users] spread deamon ip filtering?
Jonathan Stanton
jonathan at spreadconcepts.com
Thu Nov 17 11:57:45 EST 2011
On Nov 17, 2011, at 11:44 AM, Matt Garman wrote:
> We're using spread 4.0.0 on Linux. We'd like to be able to do
> IP-based filtering of clients.
>
>> From the sample.spread.conf file included in the spread source:
>
> #The current choices are:
> # NULL for default, allow anyone authentication
> # IP for IP based checks using the spread.access_ip file
>
> #RequiredAuthMethods = " "
> #AllowedAuthMethods = "NULL"
>
> So it looks like I would put the following in my actual spread config file:
>
> RequiredAuthMethods = "IP"
> AllowedAuthMethods = "IP"
>
> But what about this "spread.access_ip" file---where does it live? In
> the same directory as the config file? Or the spread runtime
> directory?
>
It looks for the spread.access_ip file in the directory the spread daemon is running from first, and then it looks for it in /etc/spread.access_ip.
> Also, what is the format of the file. Do I have to list individual
> IPs, or can I specify subnets? If can specify subnets, what is the
> format (e.g., 192.168.1.0/24 vs 192.168.1.0/255.255.255.0)?
>
Yes, you can list subnets.
There is a sample spread.access_ip file in the Spread documentation directory that shows all of the formats. I have included it at the bottom of this email also.
> What if I have two spread daemons running on the same server, and both
> need different IP whitelists?
>
If you load the access_ip files from the running directory, you just have to make sure each spread has a different active directory.
Cheers,
Jonathan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6220 bytes
Desc: not available
Url : http://lists.spread.org/pipermail/spread-users/attachments/20111117/e28316f2/attachment-0001.bin
More information about the Spread-users
mailing list