You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@qpid.apache.org by Aidan Skinner <ai...@apache.org> on 2009/02/02 16:28:29 UTC

IP Whitelisting

Hi,

I've been writing up a proposed implementation for adding IP
Whitelisting to the Java broker on the wiki at
http://qpid.apache.org/ip-whitelisting.html

Feedback gratefully received.

- Aidan (also, possibly a snowmobile if this weather keeps up)
-- 
Apache Qpid - World Domination through Advanced Message Queueing
http://qpid.apache.org

---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org

Re: IP Whitelisting

Posted by Aidan Skinner <ai...@gmail.com>.

On Thu, Feb 12, 2009 at 6:36 PM, Gordon Sim <gs...@redhat.com> wrote:

> Aidan Skinner wrote:
>>
>> I've been writing up a proposed implementation for adding IP
>> Whitelisting to the Java broker on the wiki at
>> http://qpid.apache.org/ip-whitelisting.html
>>
>> Feedback gratefully received.
>
> What are the advantages of doing this in the broker as opposed to using a
> separate firewall?

Primarily that it's possible to restrict access to a particular
virtualhost, rather than the whole broker. As a secondary benefit it's
possible to reconfigure without having to restart the network stack
and drop existing connections.

Personally, I'd be running different virtualhosts in different
instances and using the firewall but that's me. There's a particular
user that requested this functionality who sees things differently and
doesn't necessarily have access to the firewall on those machines in
any case.

- Aidan

-- 
Apache Qpid - World Domination through Advanced Message Queueing
http://qpid.apache.org

---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org

Re: IP Whitelisting

Posted by Gordon Sim <gs...@redhat.com>.

Aidan Skinner wrote:
> I've been writing up a proposed implementation for adding IP
> Whitelisting to the Java broker on the wiki at
> http://qpid.apache.org/ip-whitelisting.html
> 
> Feedback gratefully received.

What are the advantages of doing this in the broker as opposed to using 
a separate firewall?



---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org