[Spread-users] spread deamon ip filtering?
jonathan at spreadconcepts.com
Thu Nov 17 11:57:45 EST 2011
On Nov 17, 2011, at 11:44 AM, Matt Garman wrote:
> We're using spread 4.0.0 on Linux. We'd like to be able to do
> IP-based filtering of clients.
>> From the sample.spread.conf file included in the spread source:
> #The current choices are:
> # NULL for default, allow anyone authentication
> # IP for IP based checks using the spread.access_ip file
> #RequiredAuthMethods = " "
> #AllowedAuthMethods = "NULL"
> So it looks like I would put the following in my actual spread config file:
> RequiredAuthMethods = "IP"
> AllowedAuthMethods = "IP"
> But what about this "spread.access_ip" file---where does it live? In
> the same directory as the config file? Or the spread runtime
It looks for the spread.access_ip file in the directory the spread daemon is running from first, and then it looks for it in /etc/spread.access_ip.
> Also, what is the format of the file. Do I have to list individual
> IPs, or can I specify subnets? If can specify subnets, what is the
> format (e.g., 192.168.1.0/24 vs 192.168.1.0/255.255.255.0)?
Yes, you can list subnets.
There is a sample spread.access_ip file in the Spread documentation directory that shows all of the formats. I have included it at the bottom of this email also.
> What if I have two spread daemons running on the same server, and both
> need different IP whitelists?
If you load the access_ip files from the running directory, you just have to make sure each spread has a different active directory.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 6220 bytes
Desc: not available
Url : http://lists.spread.org/pipermail/spread-users/attachments/20111117/e28316f2/attachment-0001.bin
More information about the Spread-users