Network.host default isn't just localhost

bwink · November 15, 2016, 8:10pm

I read in the document that by default elasticsearch 5.0 only binds & publishes to localhost which is a good security posture; however using Debian, I have found that is not the case.

If I leave network.host blank, it binds & publishes to every IP on the machine.

I have three devices (eth0, loopback & tun0). I want to bind & publish to the tun0 and lo, but not the eth0 interface. I have found no way to do that. I can get it to bind to every interface/IP address or only bind to one specific IP or interface but not two and exclude the third.

I have a simple solution "IPTables"; however it seems from your documentation that it's been compiled to only use the localhost by default and that's not the case.

Bruce

xavierfacq · November 16, 2016, 10:30am

Hi,

Can you provide your elasticsearch.yml configuration ?

Did you read :
https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-network.html
https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-network.html#network-interface-values

bwink · November 23, 2016, 3:58pm

Hi Xavier,

Yes I did. That worked in 2.4 but on my debian box on 5.0 it didn't.

bmw

system · December 21, 2016, 3:58pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Is changing network.host necessary for cluster? Elasticsearch	5	2410	May 17, 2017
Expose API to loopback address in a cluster Elasticsearch	2	422	July 22, 2019
Network.host Configuration Elasticsearch	2	697	July 5, 2017
Elasticsearch binds to all interfaces even with network.host commented out Elasticsearch	5	221	May 29, 2023
Network.publish_host does not seem to do what it says it does Elasticsearch	7	4474	July 5, 2017

Network.host default isn't just localhost

Related topics