| 1 |
Ian Stakenvicius posted on Tue, 07 Feb 2012 09:39:14 -0500 as excerpted: |
| 2 |
|
| 3 |
> I think that "Category 2" needs to be separated into "2a - any network", |
| 4 |
> and "2b - any public network". For instance, the service 'net' (for 2a) |
| 5 |
> and service 'inet' (for 2b). If this were the default case, then Cat.2 |
| 6 |
> packages that by default want to connect to the internet could 'need |
| 7 |
> inet', and then the user would only have to define which interfaces are |
| 8 |
> included (or excluded) from satisfying 'inet'. |
| 9 |
> |
| 10 |
> The trick that I see here is that init.d scripts have to have their |
| 11 |
> 'depends' set up in such a way that the services can be separated based |
| 12 |
> on their need for public network or any network, so that the user |
| 13 |
> doesn't have to mess with those. By default I think it makes sense to |
| 14 |
> keep both the 'net' and 'inet' pools the same (ie, all ifaces but |
| 15 |
> net.lo*), but have a simple ability to separate interfaces from the |
| 16 |
> 'public net' pool in rc.conf when they do not provide a public network |
| 17 |
> connection. |
| 18 |
|
| 19 |
This boils down to the suggestion I made earlier. Using current terms: |
| 20 |
|
| 21 |
1) Separate net.lo service for stuff that doesn't have to have an |
| 22 |
external connection at all. |
| 23 |
|
| 24 |
2) A default net (or net*) service that is is composed of all non-net.lo |
| 25 |
services, with a default any-one-of-them policy. Two reasons for this: |
| 26 |
|
| 27 |
2a) It'll "just work" in the simple case. |
| 28 |
|
| 29 |
2b) It's the easiest to automatically preconfigure without getting into |
| 30 |
lots of "detect all the networks and magically figure out whether they're |
| 31 |
lan-only or inet" hairballs. |
| 32 |
|
| 33 |
3) Allow the user/admin to configure net1, net2... just like the default |
| 34 |
net/net*, specifying individual interfaces for each as well as whether |
| 35 |
one or all of the configured interfaces must be up for the service to be |
| 36 |
provided. |
| 37 |
|
| 38 |
This way, a user/admin can provide narrower-than-all groupings as |
| 39 |
necessary, including net.lo if it makes sense for them, tho the defaults |
| 40 |
would be only one net.lo and the wildcard default-any-one-of-anything- |
| 41 |
else. |
| 42 |
|
| 43 |
-- |
| 44 |
Duncan - List replies preferred. No HTML msgs. |
| 45 |
"Every nonfree program has a lord, a master -- |
| 46 |
and if you use the program, he is your master." Richard Stallman |
Archives