Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

More fine grained control over client IPs allowed to connect to backend #339

Open
ijc opened this issue Mar 15, 2021 · 2 comments · May be fixed by #335
Open

More fine grained control over client IPs allowed to connect to backend #339

ijc opened this issue Mar 15, 2021 · 2 comments · May be fixed by #335
Labels
component:mythtv:general General Issues patch:feature This patch implements a new feature version:master Master Development Branch version:v33-fixes fixes/33
Milestone
33.0

Comments

@ijc
Copy link
Contributor

ijc commented Mar 15, 2021

Is your feature request related to a problem? Please describe.

Currently the choices for controlling the access to the backend are either:

  • Only IP addresses on a subnet which is local to the backend (i.e. the backend has an interface on that subnet)
  • Everyone (the AllowConnFromAll setting).

I have a setup with two subnets, the wired subnet where my combined mythtv backend/frontend lives and a wifi subnet where my sheildtv (running leanfront) lives.

Describe the solution you'd like

I'd like to be able to specify a list of subnets and/or host which are allowed to talk to the backend. I'd then either list the wifi subnet there or even better list exactly the shield's IP.

I've implemented this in #335.

Describe alternatives you've considered

  • Currently I have added an extra alias interface on the backend system so that it also appears on the wifi subnet. I'd rather keep the backend config simpler and avoid this
  • tcpd (/etc/hosts.{deny,allow}) support.
@ijc ijc linked a pull request Mar 15, 2021 that will close this issue
Open
6 tasks
@stuarta stuarta linked a pull request Mar 16, 2021 that will close this issue
Add new setting AllowConnFromSubnets #335
Open
6 tasks
@stuarta stuarta added component:mythtv:general General Issues patch:feature This patch implements a new feature version:master Master Development Branch version:v33-fixes fixes/33 labels Mar 16, 2021
@stuarta stuarta added this to the 32.0 milestone Mar 16, 2021
@bennettpeter
Copy link
Member

Home routers that I have used have the same subnet for wired and wireless. So likely this is not affecting very many people.

@ijc
Copy link
Contributor Author

ijc commented Mar 16, 2021

Oh, it'll surely be unusual in the world at large. Perhaps slightly less unusual in the more-than-averagely (?) technical mythtv crowd but still nowhere near the norm.

@stuarta stuarta modified the milestones: 32.0, 33.0 Feb 9, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
component:mythtv:general General Issues patch:feature This patch implements a new feature version:master Master Development Branch version:v33-fixes fixes/33
Projects
None yet
Milestone
33.0
Development

Successfully merging a pull request may close this issue.

Add new setting AllowConnFromSubnets ijc/mythtv
3 participants
@stuarta @bennettpeter @ijc