From: Alec Warner
To: gentoo-dev@lists.gentoo.org
Date: Tue, 7 Feb 2012 08:58:08 -0800
Subject: Re: [gentoo-dev] rfc: only the loopback interface should provide net

On Tue, Feb 7, 2012 at 8:44 AM, William Hubbs wrote:
> On Tue, Feb 07, 2012 at 09:39:14AM -0500, Ian Stakenvicius wrote:
>> On 07/02/12 03:28 AM, Alexandre Rostovtsev wrote:
>> >
>> > If I want to connect to pool.ntp.org to sync the system clock, or
>> > to my company's vpn gateway for telecommuting, or to tor to encrypt
>> > my traffic, or to a dynamic dns provider to update my machine's
>> > record, I do not care in the least which interface I use.
>>
>> This is not actually true. You care, in that you want to be sure that
>> the iface connects to the internet (or at least the network that said
>> target sits on).
>>
>> Many systems that have multiple interfaces have only some of them that
>> route out to the rest of the world, and when depending on a generic
>> 'net' that includes -all- of them, it's more likely that the, say,
>> static private net iface will be configured (and therefore 'net'
>> considered started) significantly before the one that can route to the
>> internet, and therefore ntp-client's attempts at connecting to
>> pool.ntp.org will fail.
>>
>> I think that "Category 2" needs to be separated into "2a - any
>> network", and "2b - any public network". For instance, the service
>> 'net' (for 2a) and service 'inet' (for 2b). If this were the default
>> case, then Cat.2 packages that by default want to connect to the
>> internet could 'need inet', and then the user would only have to
>> define which interfaces are included (or excluded) from satisfying 'inet'.
>
> You mean cat 1 actually; cat 2 are the listeners, like sshd, which don't
> care as long as some interface is active.
>
>> The trick that I see here is that init.d scripts have to have their
>> 'depends' set up in such a way that the services can be separated
>> based on their need for public network or any network, so that the
>> user doesn't have to mess with those. By default I think it makes
>> sense to keep both the 'net' and 'inet' pools the same (ie, all ifaces
>> but net.lo*), but have a simple ability to separate interfaces from
>> the 'public net' pool in rc.conf when they do not provide a public
>> network connection.
>
> If we add an internet pool, I would rather it start out with no
> interfaces and have the user be required to add the interface(s) to it.

Please ship with sane defaults. Most users don't have crazy network
setups and the ones that do are already likely customizing and can set
up the 'pools' in a way that works for them.

-A

>
> William
>