[zeromq-dev] Fwd: Access control

Oliver Smith oliver at kfs.org
Wed Jul 28 04:39:27 CEST 2010


On 7/27/2010 12:13 PM, Martin Sustrik wrote:
> Well, I am not a security person, but I thought blocking particular IP
> addresses is more of an administrative task and should be done using
> firewall, no?
>    
If you are running under a Linux environment using ZeroMQ, there is no 
excuse for you not to send a message to a worker to create an ipchains 
or ipfw rule to block that address :) Of course, in doing so, you may 
wipe out an entire ISP that uses a NAT, but still.

And if you are running under Windows Server, they provide a quite 
sufficient API for firewalling.

A 2010-app(*) still needs to be security conscious, but it should not be 
re-implementing the firewall it lives behind :)

- Oliver

(* it doesn't live behind a firewall? That's so 1999)




More information about the zeromq-dev mailing list