Hi Serghei,

> Hi guys.
>
> In my config file there is a string:
> log 127.0.0.1 local6 info
> After haproxy restart I receive UDP listener which listens on
> *:<non-priv port>.
> Is there a way to restrict it to some interface/address?
> 127.0.0.1 for example?

It's not currently possible to restrict this UDP socket afaict.

We should probably implement a "source" argument for the log keyword here, binding the UDP socket to that IP locally. We can then also force a box with multiple routable IP addresses to use a specific IP address for logging and it will also allow to restrict the UDP socket to localhost (by specifying source 127.0.0.1).

Anyway, there is no security issue here, haproxy calls shutdown() on this socket at the beginning, so incoming UDP traffic on this particular socket is dropped early (never makes it to the application).

Regards,

Lukas
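
The socket-level behaviour discussed in this thread, as an added C example that is not haproxy's code and not part of the original messages: an unbound UDP sender is autobound to the wildcard address on first send, while an explicit bind() pins it to one local address. The function names `open_log_socket` and `send_and_get_local` and the destination port 5514 are assumptions made up for the illustration.

```c
/* Added illustration, not haproxy code. Names and port 5514 are assumptions. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Open a send-only UDP log socket. source == NULL leaves it unbound, so the
 * kernel autobinds it to the wildcard address on first send; otherwise it is
 * bound to that local IPv4 address with an ephemeral port. Returns fd or -1. */
int open_log_socket(const char *source)
{
    int fd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
    if (fd < 0)
        return -1;
    if (source) {
        struct sockaddr_in src = { .sin_family = AF_INET, .sin_port = 0 };
        if (inet_pton(AF_INET, source, &src.sin_addr) != 1 ||
            bind(fd, (struct sockaddr *)&src, sizeof(src)) < 0) {
            close(fd);
            return -1;
        }
    }
    /* The socket is never read. The result is ignored because an
     * unconnected UDP socket may report ENOTCONN here. */
    (void)shutdown(fd, SHUT_RD);
    return fd;
}

/* Send one datagram, then report the local address and port in use. */
int send_and_get_local(int fd, const char *dst, unsigned short dport,
                       char *local, socklen_t len, unsigned short *lport)
{
    static const char msg[] = "<182>example: constructed log line";
    struct sockaddr_in to = { .sin_family = AF_INET, .sin_port = htons(dport) };
    struct sockaddr_in me;
    socklen_t melen = sizeof(me);

    if (inet_pton(AF_INET, dst, &to.sin_addr) != 1 ||
        sendto(fd, msg, sizeof(msg) - 1, 0, (struct sockaddr *)&to, sizeof(to)) < 0 ||
        getsockname(fd, (struct sockaddr *)&me, &melen) < 0 ||
        !inet_ntop(AF_INET, &me.sin_addr, local, len))
        return -1;
    *lport = ntohs(me.sin_port);
    return 0;
}
```

On Linux the unbound socket reports 0.0.0.0 with an ephemeral port, which is the `*:<non-priv port>` listener from the question, and the socket opened with "127.0.0.1" reports 127.0.0.1.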