On Wed, Jun 15, 2011 at 3:14 AM, Isaac <[email protected]> wrote: > just company rule,for security reason. > > e.g. 172.27.* for intranet communication, 8.8.* from this interface can > reach Internet. > > i know iptables and other firewall rules can avoid this, but rule is rule. > > I think others maybe encounter this problem, that's why clientPortAddress is > added in 3.3.0.
Yes, that's definitely the case. (I added it :-) ). FWIW, some background: the typical deployment scenario early in the life of ZK was inside a large datacenter, where everything had multiple levels of firewalls. There was never any concern about the binding behavior because ZK was put behind one of these firewalls, and only the client port was exposed. As the deployment scenarios have become more diverse (ec2 for example), there's been more interest in this type of functionality. Thanks for picking this up! Appreciated. Regards, Patrick
