From db7fc166ed21edf61f5d6ba8615a68caec19dd81 Mon Sep 17 00:00:00 2001 From: Tomas Krizek Date: Wed, 22 May 2019 13:42:25 +0200 Subject: [PATCH] systemd: omit unneeded IP from ListenStream/Datagram --- daemon/bindings/net.rst | 8 ++++---- systemd/kresd-doh.socket.d/all-interfaces.conf | 5 ++--- systemd/kresd-tls.socket.d/all-interfaces.conf | 5 ++--- systemd/kresd.socket.d/all-interfaces.conf | 6 +++--- systemd/kresd.systemd.7.in | 12 ++++++------ 5 files changed, 17 insertions(+), 19 deletions(-) diff --git a/daemon/bindings/net.rst b/daemon/bindings/net.rst index 1109ed114..5a55181fe 100644 --- a/daemon/bindings/net.rst +++ b/daemon/bindings/net.rst @@ -78,7 +78,7 @@ distribution. It is also possible to check resulting configuration using The default localhost interface/port can also be removed/overriden by using an empty ``ListenDatagram=`` or ``ListenStream=`` directive. This can be used when you want to configure kresd to listen on all IPv4/IPv6 network interfaces (if -you've disabled IPv6 support in kernel, use ``0.0.0.0`` instead of ``[::]`` ). +you've disabled IPv6 support in kernel, use ``0.0.0.0:port`` instead`` ). .. code-block:: none @@ -86,8 +86,8 @@ you've disabled IPv6 support in kernel, use ``0.0.0.0`` instead of ``[::]`` ). [Socket] ListenDatagram= ListenStream= - ListenDatagram=[::]:53 - ListenStream=[::]:53 + ListenDatagram=53 + ListenStream=53 .. note:: Using IPv6 to bind to IPv4 interfaces is currently not compatible with IPv4 syntax in ``view:addr()`` when using the ``view`` module. For @@ -145,7 +145,7 @@ on port 443, create the following drop-in file for ``kresd-doh.socket``: # /etc/systemd/system/kresd-doh.socket.d/override.conf [Socket] ListenStream= - ListenStream=[::]:443 + ListenStream=443 Make sure no other service is using port 443, as that will result in unpredictable behaviour. Alternately, you can use port 44353 where a collision 
diff --git a/systemd/kresd-doh.socket.d/all-interfaces.conf b/systemd/kresd-doh.socket.d/all-interfaces.conf index 636190994..6df2bfee6 100644 --- a/systemd/kresd-doh.socket.d/all-interfaces.conf +++ b/systemd/kresd-doh.socket.d/all-interfaces.conf @@ -3,9 +3,8 @@ # Configure kresd-doh.socket to listen on all IPv4 and IPv6 interfaces. # Empty ListenStream= directive is required to avoid port clash with default -# localhost. If you've disabled IPv6 support in kernel, use 0.0.0.0 instead of -# [::] +# localhost. If you've disabled IPv6 support in kernel, use 0.0.0.0:port instead [Socket] ListenStream= -ListenStream=[::]:443 +ListenStream=443 diff --git a/systemd/kresd-tls.socket.d/all-interfaces.conf b/systemd/kresd-tls.socket.d/all-interfaces.conf index 7607f267b..3d9d74aa5 100644 --- a/systemd/kresd-tls.socket.d/all-interfaces.conf +++ b/systemd/kresd-tls.socket.d/all-interfaces.conf @@ -3,9 +3,8 @@ # Configure kresd-tls.socket to listen on all IPv4 and IPv6 interfaces. # Empty ListenStream= directive is required to avoid port clash with default -# localhost. If you've disabled IPv6 support in kernel, use 0.0.0.0 instead of -# [::] +# localhost. If you've disabled IPv6 support in kernel, use 0.0.0.0:port instead [Socket] ListenStream= -ListenStream=[::]:853 +ListenStream=853 diff --git a/systemd/kresd.socket.d/all-interfaces.conf b/systemd/kresd.socket.d/all-interfaces.conf index c077d9ea0..bbe2eedcb 100644 --- a/systemd/kresd.socket.d/all-interfaces.conf +++ b/systemd/kresd.socket.d/all-interfaces.conf @@ -4,10 +4,10 @@ # Empty ListenDatagram= and ListenStream= directives are required to avoid port # clash with default localhost. If you've disabled IPv6 support in kernel, use -# 0.0.0.0 instead of [::] +# 0.0.0.0:port instead [Socket] ListenDatagram= ListenStream= -ListenDatagram=[::]:53 -ListenStream=[::]:53 +ListenDatagram=53 +ListenStream=53 diff --git a/systemd/kresd.systemd.7.in b/systemd/kresd.systemd.7.in index 32b28d271..d1f815cda 100644 
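Review bot: The rewritten header comment in kresd-doh.socket.d/all-interfaces.conf no longer says which address family a bare port selects, so a reader of `ListenStream=443` cannot tell how IPv4 clients end up being served. As far as I recall from systemd.socket(5), a lone port number is bound on the IPv6 wildcard, and IPv4 reachability then depends on `BindIPv6Only=` (at its default, on the net.ipv6.bindv6only sysctl). If so, the comment's "all IPv4 and IPv6 interfaces" claim holds only under that default. I would add a line such as `# A bare port binds the IPv6 wildcard; IPv4 is accepted through it unless BindIPv6Only=ipv6-only is in effect.` and consider setting `BindIPv6Only=both` in the drop-in so the listening surface does not vary with host sysctls. The same applies to the kresd-tls.socket.d and kresd.socket.d hunks that follow.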
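Review bot: The header comment of kresd.socket.d/all-interfaces.conf should carry the access-control caveat that net.rst states in this same patch, because this is the file an operator copies to expose port 53. With `ListenDatagram=53` and `ListenStream=53` the resolver answers on every interface, and the bare-port form no longer shows that an IPv6 socket is involved. net.rst notes that binding IPv4 through IPv6 is currently not compatible with IPv4 syntax in `view:addr()`, so IPv4-based view rules may not match as the operator expects. Suggested comment: `# Listening on all interfaces makes the resolver reachable from every attached network; restrict clients with a firewall or the view module, and see the view:addr() note in the docs.`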
--- a/systemd/kresd.systemd.7.in +++ b/systemd/kresd.systemd.7.in @@ -84,8 +84,8 @@ ListenStream=192.0.2.115:853 To configure \fBkresd\fR to listen on all IPv4 and IPv6 interfaces, use empty \fIListenDatagram=\fR and \fIListenStream=\fR directives to remove the default -localhost address and then bind to the [::] address. If you've disabled IPv6 -support in kernel, use the 0.0.0.0 address instead. +localhost address and then specify port to bind to. If you've disabled IPv6 +support in kernel, use the 0.0.0.0:port syntax instead. .nf .RS 4n @@ -93,13 +93,13 @@ support in kernel, use the 0.0.0.0 address instead. [Socket] ListenDatagram= ListenStream= -ListenDatagram=[::]:53 -ListenStream=[::]:53 +ListenDatagram=53 +ListenStream=53 # /etc/systemd/system/kresd-tls.socket.d/override.conf [Socket] ListenStream= -ListenStream=[::]:853 +ListenStream=853 .RE .fi @@ -122,7 +122,7 @@ on port 443, create the following drop-in file for \fBkresd-doh.socket\fR: # /etc/systemd/system/kresd-doh.socket.d/override.conf [Socket] ListenStream= -ListenStream=[::]:443 +ListenStream=443 .RE .fi -- 2.47.2