Hi Serghei,

>
> Hi guys.
>
> In my config file there is a string:
> log 127.0.0.1 local6 info
> After haproxy restart I receive a UDP listener which listens on
> *:<non-priv port>.
> Is there a way to restrict it to some interface/address?
> 127.0.0.1 for example?

It's not currently possible to restrict this UDP socket afaict.

We should probably implement a "source" argument for the log keyword here,
binding the UDP socket to that IP locally. We can then also force a box with
multiple routable IP addresses to use a specific IP address for logging and
it will also allow restricting the UDP socket to localhost (by specifying
source 127.0.0.1).

Anyway, there is no security issue here, haproxy calls shutdown() on this
socket at the beginning, so incoming UDP traffic on this particular socket
is dropped early (never makes it to the application).



Regards,

Lukas
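
The behaviour discussed in this thread, as an added example (not HAProxy source code and not part of the original message): an unbound UDP socket that sends a log datagram is auto-bound by the kernel to the wildcard address on an ephemeral port, while binding it first, as the proposed "source" argument would, pins it to that address. The helper name, the port 514 destination and the `SHUT_RD` direction of the shutdown() call are assumptions made for the illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: send one syslog-style datagram to dst_ip:dst_port,
 * optionally binding to src_ip first (NULL = unbound, as in the question).
 * Stores the socket's local address in *local. Returns 0 on success. */
static int log_socket_local_addr(const char *src_ip, const char *dst_ip,
                                 unsigned short dst_port,
                                 struct sockaddr_in *local)
{
    struct sockaddr_in src, dst;
    socklen_t len = sizeof(*local);
    int rc = -1, fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    if (src_ip) {                       /* the proposed "source" behaviour */
        memset(&src, 0, sizeof(src));
        src.sin_family = AF_INET;       /* port 0: kernel picks one */
        if (inet_pton(AF_INET, src_ip, &src.sin_addr) != 1 ||
            bind(fd, (struct sockaddr *)&src, sizeof(src)) < 0)
            goto out;
    }
    /* Assumed direction; result ignored, an unconnected socket may error. */
    (void)shutdown(fd, SHUT_RD);
    memset(&dst, 0, sizeof(dst));
    dst.sin_family = AF_INET;
    dst.sin_port = htons(dst_port);
    if (inet_pton(AF_INET, dst_ip, &dst.sin_addr) != 1)
        goto out;
    /* <182> = local6 (22) * 8 + info (6); constructed sample message */
    if (sendto(fd, "<182>test", 9, 0, (struct sockaddr *)&dst, sizeof(dst)) < 0)
        goto out;
    if (getsockname(fd, (struct sockaddr *)local, &len) == 0)
        rc = 0;
out:
    close(fd);
    return rc;
}

int main(void)
{
    struct sockaddr_in a;
    char buf[INET_ADDRSTRLEN];
    const char *srcs[] = { NULL, "127.0.0.1" };
    for (int i = 0; i < 2; i++)
        if (log_socket_local_addr(srcs[i], "127.0.0.1", 514, &a) == 0)
            printf("source=%s -> local %s:%u\n", srcs[i] ? srcs[i] : "(none)",
                   inet_ntop(AF_INET, &a.sin_addr, buf, sizeof(buf)),
                   (unsigned)ntohs(a.sin_port));
    return 0;
}
```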

                                          
