Bind which is insecure
Thoughts on Industrial Computing. Or sometimes economics or music or trail running or carpentry. Employee of Datto.
Proud New Englander and Schaghticoke. Site is my own.
But it works, dammit. When I was working on my environment, I was seeing the following in a packet trace when attempting remote nslookups: ICMP Destination unreachable, Host administratively prohibited. Local worked fine.
Pinging the IP worked fine. But dig? Introducing your newest Linux security nemesis… Firewalld. Jun 23 dns.
Pro tip, install the bash-completion package, then firewall-cmd will be very easy to use or systemctl, or journalctl, …
Nice tips there!
There's not much reason or benefit of a default 0.
It's not security vs usability, since the intended use-case is clear. Makes a great k8s for appliances - develop your IoT apps for k8s and deploy them to MicroK8s on your boxes. That probably means the api binding to 0. I'd welcome your thoughts? The default should be secure but also configurable - localhost. Then it should provide the option to bind to 0. Thank you all for your input. Those of you who had a bad user experience please accept my apologies. We all want to have this issue resolved; to do so we need to move forward with PR StephanX, thank you for presenting the low-security approach.
I would really appreciate if you could deploy MicroK8s from channel 1. The security issues are always a concern. I have to thank you, because by speaking out loud you give us the opportunity to improve MicroK8s. Using localhost for everything sounds OK. I've been using microk8s exclusively in local VMs to get a more repeatable network environment as a result of that bug, which also mitigates exposure to the bind issue.
I tried installing 1. Several issues I found: Tried installing a helm chart and also got a dial tcp I see in PR 88 it is referring to a static password file for access.
That's fine for user access, but what about appapp? Binding to localhost is better but you are still vulnerable to DNS rebinding attacks. Can this be a unix socket file like how docker does it? If not can it be secured using actual credentials? Closing this since insecure port was bound to