salt/auth event should contain IP data #24580
Comments
|
@clinta Why not configure iptables to reject any communication with your master. You can filter based on your network range. |
|
I'm not sure if we can get this data from ZeroMQ. We wouldn't want to rely on the minion to send it in the auth request, since it could be easily faked. We'll have to see what we can pull off the socket on the master side. |
cachedout
added
the
Feature
cachedout
added
the
Pending-Discussion
|
I don't believe there's a way at the network level to distinguish authorization requests form normal minion/master communication. I need minions from roaming laptops to be able to connect to the master over the internet. |
jfindlay
added
Core
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. If this issue is closed prematurely, please leave a comment and we will gladly reopen the issue. |
I'd like to create a reactor that automatically approves minions that come from my internal network. But the salt/auth event does not contain any network data. An IP field which contains the IP address that the request is coming from would allow approval based on networks.
The text was updated successfully, but these errors were encountered: