New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Listen on localhost instead of all available IPs #14

Open
wants to merge 2 commits into
base: master
from

Conversation

Projects
None yet
2 participants
@jlusiardi

jlusiardi commented Jun 23, 2018

For security reasons, i would prefer the brickd to listen on localhost as a default. A informed user can change it back (with security enabled) if required. For the simple use case of tinkering around for the first time this should be kind of an improvement.

jlusiardi added some commits Jun 23, 2018

@borg42

This comment has been minimized.

Member

borg42 commented Jun 26, 2018

Hello jlusiardi, thank you for your work.

The only big problem i see are Raspberry Pi (and similar) users that have Bricks/Bricklets connected to a RPi and control them from a PC. This is very common and i would like for this to work out of the box.

As far as i know it is not easily possible to allow connections from the local network but not from the internet, right?

@jlusiardi

This comment has been minimized.

jlusiardi commented Jun 26, 2018

Hello @borg42,

no problem at all. I see your point regarding the raspberry pi users. Would it then be possible to add hints to the pages regarding the installation of the brick daemon?

Regard
Joachim

@borg42

This comment has been minimized.

Member

borg42 commented Jun 26, 2018

I talked to @photron and he had the idea to that we could add a third "local net" option (next to 0.0.0.0 and 127.0.0.1) in the config. With this option the listen address would be 0.0.0.0, but if a connection is opened from an IP that is not in the local subnet the connection would immediately be closed again.

This third option could then be the default.

We would have to discover the currently used local IP (or multiple IPs in case that there is for example a Ethernet and WIFI connection) for this. But that doesn't actually sound unreasonable i think?

@jlusiardi

This comment has been minimized.

jlusiardi commented Jun 26, 2018

I have to admit, i am not sure where most of your devices are used and most brick daemons are installed.

When I opened the pull request I was also thinking about classrooms, labs and other occasions where there might be brick daemons in place. All of those might use the same local subnet.

In case of IPv6 there isn't really a concept of local networks, i guess.

@borg42

This comment has been minimized.

Member

borg42 commented Jun 26, 2018

I understand your concern and i agree that there are probably very few people that change any of the default configurations.

To add some rationale to my objections: We are currently working on generic linux support for Bricklets and on Raspberry Pi Hats that directly support (the new co-processor 2.0 type of) Bricklets. With this new software and the new products a RPi (or other linux boards) can be used as a replacement for a Master Brick+Ethernet/WIFI Extension. For that the Bricklets connected to the RPi need to be at least reachable by a PC in the same network.

@jlusiardi

This comment has been minimized.

jlusiardi commented Jun 26, 2018

Ok, so as I proposed in my 2nd comment, perhaps just add some hints in the documentation? Would be fine for me.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment