qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aidan Skinner <aidan.skin...@gmail.com>
Subject Re: IP Whitelisting
Date Thu, 12 Feb 2009 18:35:38 GMT
On Thu, Feb 12, 2009 at 6:36 PM, Gordon Sim <gsim@redhat.com> wrote:

> Aidan Skinner wrote:
>>
>> I've been writing up a proposed implementation for adding IP
>> Whitelisting to the Java broker on the wiki at
>> http://qpid.apache.org/ip-whitelisting.html
>>
>> Feedback gratefully received.
>
> What are the advantages of doing this in the broker as opposed to using a
> separate firewall?

Primarily that it's possible to restrict access to a particular
virtualhost, rather than the whole broker. As a secondary benefit it's
possible to reconfigure without having to restart the network stack
and drop existing connections.

Personally, I'd be running different virtualhosts in different
instances and using the firewall but that's me. There's a particular
user that requested this functionality who sees things differently and
doesn't necessarily have access to the firewall on those machines in
any case.

- Aidan

-- 
Apache Qpid - World Domination through Advanced Message Queueing
http://qpid.apache.org

---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org


Mime
View raw message