-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 07/02/12 03:28 AM, Alexandre Rostovtsev wrote:
>
> If I want to connect to pool.ntp.org to sync the system clock, or
> to my company's vpn gateway for telecommuting, or to tor to encrypt
> my traffic, or to a dynamic dns provider to update my machine's
> record, I do not care in the least which interface I use.

This is not actually true. You care, in that you want to be sure that
the iface connects to the internet (or at least the network that said
target sits on).

Many systems that have multiple interfaces have only some of them that
route out to the rest of the world, and when depending on a generic
'net' that includes -all- of them, it's more likely that the, say,
static private net iface will be configured (and therefore 'net'
considered started) significantly before the one that can route to the
internet, and therefore ntp-client's attempts at connecting to
pool.ntp.org will fail.

I think that "Category 2" needs to be separated into "2a - any
network", and "2b - any public network". For instance, the service
'net' (for 2a) and service 'inet' (for 2b). If this were the default
case, then Cat.2 packages that by default want to connect to the
internet could 'need inet', and then the user would only have to
define which interfaces are included (or excluded) from satisfying 'inet'.

The trick that I see here is that init.d scripts have to have their
'depends' set up in such a way that the services can be separated
based on their need for public network or any network, so that the
user doesn't have to mess with those. By default I think it makes
sense to keep both the 'net' and 'inet' pools the same (ie, all ifaces
but net.lo*), but have a simple ability to separate interfaces from
the 'public net' pool in rc.conf when they do not provide a public
network connection.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)

iF4EAREIAAYFAk8xN5IACgkQAJxUfCtlWe3hDQD+JKD7AWVep/+v8u7WcdP2ZbxB
k9Vmo5NT39WqvWPP3TYA/ReAYy4nAyYC8nbc/dRO53LwXqEP9g8rf+0WJ/aPHXkW
=2VMQ
-----END PGP SIGNATURE-----