Network.host default isn't just localhost

I read in the document that by default elasticsearch 5.0 only binds & publishes to localhost which is a good security posture; however using Debian, I have found that is not the case.

If I leave network.host blank, it binds & publishes to every IP on the machine.

I have three devices (eth0, loopback & tun0). I want to bind & publish to the tun0 and lo, but not the eth0 interface. I have found no way to do that. I can get it to bind to every interface/IP address or only bind to one specific IP or interface but not two and exclude the third.

I have a simple solution "IPTables"; however it seems from your documentation that it's been compiled to only use the localhost by default and that's not the case.

Bruce

Hi,

Can you provide your elasticsearch.yml configuration ?

Did you read :
https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-network.html
https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-network.html#network-interface-values

Hi Xavier,

Yes I did. That worked in 2.4 but on my debian box on 5.0 it didn't.

bmw

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.