Network.host default isn't just localhost

bwink · November 15, 2016, 8:10pm

I read in the document that by default elasticsearch 5.0 only binds & publishes to localhost which is a good security posture; however using Debian, I have found that is not the case.

If I leave network.host blank, it binds & publishes to every IP on the machine.

I have three devices (eth0, loopback & tun0). I want to bind & publish to the tun0 and lo, but not the eth0 interface. I have found no way to do that. I can get it to bind to every interface/IP address or only bind to one specific IP or interface but not two and exclude the third.

I have a simple solution "IPTables"; however it seems from your documentation that it's been compiled to only use the localhost by default and that's not the case.

Bruce

xavierfacq · November 16, 2016, 10:30am

Hi,

Can you provide your elasticsearch.yml configuration ?

Did you read :
https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-network.html
https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-network.html#network-interface-values

bwink · November 23, 2016, 3:58pm

Hi Xavier,

Yes I did. That worked in 2.4 but on my debian box on 5.0 it didn't.

bmw

Topic		Replies	Views
Elasticsearch binds to all interfaces even with network.host commented out Elasticsearch	5	315	May 29, 2023
ES 2.1 only bind on localhost Elasticsearch	11	4134	July 5, 2017
ES 2.0 network config options Elasticsearch	8	1970	July 5, 2017
Elasticsearch only binds to localhost but not IP / hostname / fqdn hostname - WHY? Elasticsearch	8	2736	March 23, 2021
To run Elastic Search on localhost Elasticsearch	3	1152	July 6, 2017

Network.host default isn't just localhost

Related topics