It seems that the poolcounter service listens on 0.0.0.0 by default and there is no way to override it, say to 127.0.0.1.
Event Timeline
Maybe you're using an old version? In 1.1.0 I did rMSPC112a76152ef6: Only listen on localhost by default so it listens on localhost by default. I believe the Debian package systemd unit ships with -l 0.0.0.0, but you can override that however you override systemd units.
Probably I was looking at an older version.
Overwriting ExecStart isn't the most trivial thing to do. Why does the Debian package have an insecure default?
You got me, same reason just in the other direction :) And Wikimedia production uses the Debian package and needs to listen on 0.0.0.0. Tbh I wonder if we're going to keep using the Debian package or eventually containerize it.
In any case, I'll add it to my todo list to make the package secure by default and figure out how to fix it in prod for bookworm.
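The ExecStart override discussed in this thread, as an added example that is not part of the original task or the poolcounter project: a drop-in has to clear the packaged `ExecStart=` before setting a new one, which is what makes the override less than trivial. The unit text, binary path and the helper names `make_dropin` and `wildcard_listeners` are assumptions made for illustration; only the `-l 0.0.0.0` argument comes from the thread.

```bash
#!/usr/bin/env bash
# CONSTRUCTED sample unit: the binary path is a placeholder assumption;
# only the "-l 0.0.0.0" argument comes from the thread.
SAMPLE_UNIT='[Service]
ExecStart=/usr/bin/poolcounterd -l 0.0.0.0
Restart=always'

# Read unit text on stdin and print a drop-in that rebinds "-l <addr>" to $1
# (default 127.0.0.1). Returns 1 if no ExecStart line carries a -l argument.
make_dropin() {
    local addr="${1:-127.0.0.1}" line cmd found=1
    while IFS= read -r line; do
        case "$line" in
            ExecStart=*" -l "*)
                cmd="${line#ExecStart=}"
                cmd="$(printf '%s\n' "$cmd" |
                    sed -E "s/(^|[[:space:]])-l[[:space:]]+[^[:space:]]+/\1-l ${addr}/")"
                printf '[Service]\n'
                # The empty assignment clears the packaged command; without it
                # a non-oneshot service ends up with two ExecStart= lines and
                # systemd refuses the unit.
                printf 'ExecStart=\n'
                printf 'ExecStart=%s\n' "$cmd"
                found=0
                ;;
        esac
    done
    return "$found"
}

# Count sockets in `ss -ltnH` output (stdin) bound to every interface on port $1.
wildcard_listeners() {
    awk -v p="$1" '$4 ~ ("^(0\\.0\\.0\\.0|\\*|\\[::\\]):" p "$") { n++ } END { print n + 0 }'
}

# Demo on the constructed unit; on a real host feed `systemctl cat <unit>` instead.
printf '%s\n' "$SAMPLE_UNIT" | make_dropin 127.0.0.1
```

On a host, the generated text goes into a drop-in created with `systemctl edit <unit>`; after a restart, `ss -ltnH | wildcard_listeners <port>` should print 0.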