> Oh wow, looks like that caused a lot of problems ! Should I have 127.0.0.1 in the allow list ? > I didn't even think of that, I assumed it'd be authorized by default, but looks like it wasn't ! > I don't need to authorize the domains right, just the IPs ? >No looks like reject * does reject all without checking the allow .. -- Kevin Lemonnier PGP Fingerprint : 89A5 2283 04A0 E6E9 0111 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: <http://www.gluster.org/pipermail/gluster-users/attachments/20160923/c8cdf8f6/attachment.sig>
On Friday 23 September 2016, Kevin Lemonnier <lemonnierk at ulrar.net> wrote:> > Oh wow, looks like that caused a lot of problems ! Should I have > 127.0.0.1 in the allow list ? > > I didn't even think of that, I assumed it'd be authorized by default, > but looks like it wasn't ! > > I don't need to authorize the domains right, just the IPs ? > > > > No looks like reject * does reject all without checking the allow ..I can check it in the code and get back (ordering checks of auth allow and reject could be wrong here) but that'd take some time as I am afk for today. Mohit - do you want to help here?> > > > -- > Kevin Lemonnier > PGP Fingerprint : 89A5 2283 04A0 E6E9 0111 >-- --Atin -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.gluster.org/pipermail/gluster-users/attachments/20160923/43d8e5ff/attachment.html>
Thanks for your answer but I just ended up putting up an iptables to block everything. It works for my current case but that still leaves a bunch of other clusters we have with that problem where putting up a firewall isn't that easy. I guess the ideal would be to bind gluster on the private addresses, is that doable ? A quick google search shows people doing it by editing the volfile, but I suspect that's an old method right ? There must be a way to tell gluster to just not listen on the public IP. -- Kevin Lemonnier PGP Fingerprint : 89A5 2283 04A0 E6E9 0111 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: <http://www.gluster.org/pipermail/gluster-users/attachments/20160923/75b8f607/attachment.sig>