Network.host default isn't just localhost


(Bruce) #1

I read in the document that by default elasticsearch 5.0 only binds & publishes to localhost which is a good security posture; however using Debian, I have found that is not the case.

If I leave network.host blank, it binds & publishes to every IP on the machine.

I have three devices (eth0, loopback & tun0). I want to bind & publish to the tun0 and lo, but not the eth0 interface. I have found no way to do that. I can get it to bind to every interface/IP address or only bind to one specific IP or interface but not two and exclude the third.

I have a simple solution "IPTables"; however it seems from your documentation that it's been compiled to only use the localhost by default and that's not the case.

Bruce


(Xavier Facq) #2

Hi,

Can you provide your elasticsearch.yml configuration ?

Did you read :
https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-network.html
https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-network.html#network-interface-values


(Bruce) #3

Hi Xavier,

Yes I did. That worked in 2.4 but on my debian box on 5.0 it didn't.

bmw


(system) #4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.