From: Duncan <1i5t5.duncan@cox.net>
To: gentoo-dev@lists.gentoo.org
Subject: [gentoo-dev] Re: rfc: only the loopback interface should provide net
Date: Tue, 7 Feb 2012 16:46:58 +0000 (UTC)
References: <20120206210451.GA1940@linux1> <1328570113.8348.53.camel@rook> <20120207064348.GA3036@linux1> <1328603319.8348.81.camel@rook> <4F313792.7050502@gentoo.org>

Ian Stakenvicius posted on Tue, 07 Feb 2012 09:39:14 -0500 as excerpted:

> I think that "Category 2" needs to be separated into "2a - any network",
> and "2b - any public network". For instance, the service 'net' (for 2a)
> and service 'inet' (for 2b). If this were the default case, then Cat.2
> packages that by default want to connect to the internet could 'need
> inet', and then the user would only have to define which interfaces are
> included (or excluded) from satisfying 'inet'.
>
> The trick that I see here is that init.d scripts have to have their
> 'depends' set up in such a way that the services can be separated based
> on their need for public network or any network, so that the user
> doesn't have to mess with those. By default I think it makes sense to
> keep both the 'net' and 'inet' pools the same (ie, all ifaces but
> net.lo*), but have a simple ability to separate interfaces from the
> 'public net' pool in rc.conf when they do not provide a public network
> connection.

This boils down to the suggestion I made earlier.
Using current terms:

1) Separate net.lo service for stuff that doesn't have to have an
external connection at all.

2) A default net (or net*) service that is composed of all non-net.lo
services, with a default any-one-of-them policy. Two reasons for this:

2a) It'll "just work" in the simple case.

2b) It's the easiest to automatically preconfigure without getting into
lots of "detect all the networks and magically figure out whether they're
lan-only or inet" hairballs.

3) Allow the user/admin to configure net1, net2... just like the default
net/net*, specifying individual interfaces for each as well as whether
one or all of the configured interfaces must be up for the service to be
provided.

This way, a user/admin can provide narrower-than-all groupings as
necessary, including net.lo if it makes sense for them, tho the defaults
would be only one net.lo and the wildcard default-any-one-of-anything-else.

-- 
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman
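As an added illustration (not part of this thread and not OpenRC's own code), a POSIX sh model of the two ideas in points 2 and 3 above: the default net/net* group is every configured interface except the loopback, and a group is "provided" under either an any-one-of or an all-must-be-up policy. The interface state table and the function names are my own constructions.

```shell
#!/bin/sh
# Constructed up/down table standing in for the real interface state.
IFACE_STATE="lo:up eth0:down wlan0:up ppp0:down"

# iface_is_up NAME: succeed if the constructed table marks NAME as up.
iface_is_up() {
    for entry in $IFACE_STATE; do
        case "$entry" in
            "$1:up")   return 0 ;;
            "$1:down") return 1 ;;
        esac
    done
    return 1   # an interface we know nothing about counts as down
}

# default_net_ifaces: the proposal's default "net" group, i.e. every
# configured interface except the loopback that net.lo provides.
default_net_ifaces() {
    out=""
    for entry in $IFACE_STATE; do
        name="${entry%%:*}"
        if [ "$name" != "lo" ]; then
            out="${out:+$out }$name"
        fi
    done
    printf '%s\n' "$out"
}

# group_provided POLICY IFACE...: is a net group with POLICY currently
# provided?  "any" = one configured interface up is enough (the proposed
# default); "all" = every configured interface must be up.
group_provided() {
    policy="$1"; shift
    up=0; total=0
    for iface in "$@"; do
        total=$((total + 1))
        if iface_is_up "$iface"; then up=$((up + 1)); fi
    done
    [ "$total" -gt 0 ] || return 1   # an empty group provides nothing
    case "$policy" in
        any) [ "$up" -ge 1 ] ;;
        all) [ "$up" -eq "$total" ] ;;
        *)   echo "unknown policy: $policy" >&2; return 2 ;;
    esac
}

# Default group, any-one-of (wlan0 is up, so provided); a stricter
# net1 that insists on eth0 and wlan0 both (eth0 is down, so not).
group_provided any $(default_net_ifaces) && echo "net: provided"
group_provided all eth0 wlan0 || echo "net1: not provided"
```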