-
Notifications
You must be signed in to change notification settings - Fork 3.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature: add settings flag to disable inbound TCP/UDP nodes #3902
Comments
Ideally this setting should also be available to other nodes to query that may also expose their own TCP/UDP ports for example the Email MTA node |
Is this intended to be a global indicator of "don't bother to offer this node if inbound connection isn't allowed" - or a specific flag per node (one for udp, one for tcp, one for email - etc ) ? In the first case as it is then down to individual nodes to implement the flag needs to make clear it is more of an indication that can be followed rather than a hard rule. |
I think a single global flag indicating that the environment doesn't support inbound connections are not available is the right approach. |
I agree (with @hardillb ) - though is it true all the time ? can I have internal (localhost) connections from another process ? Or is that sufficiently edge-case that it doesn't matter ? (I suppose worst case the setting could be turned off :-) even if the external firewall blocked any external connections) And would I maybe want to deny all raw tcp/udp but allow email (as per above? ) |
The flag is just informational about the node-red environment it would still be up to the node developer to decide what to do with that information. In terms of localhost I think that would always be allowed but again this is up to the node developer, if the node just listens on localhost they may not even consult the flag. The email example I was using was that it listens on port25 as an SMTP server, so although it doesn't explicitly say in the node that its a TCP server the developer would know that it is. |
The main requirement is a way to disable (non-http) inbound connections in the core nodes. We have other ways of disabling/blocking extra modules that can be done administratively (and doesn't require the node author to had adopted this setting). The scenario of allowing some connections but not others is out of scope of what is being proposed here.That would require the node UI to allow inbound to be configured, but then have additional validation to allow only certain values. |
ok - so more of http(s) connections only flag. Aha - as Nick just said - "disable (non-http) inbound connections" |
So does this just disable them ? or stop them appearing in the editor palette (IE can't be used) ? EG if I import a flow with existing (or new) tcp in node in - will it somehow get disabled (dotted) ? or be "unknown". |
The problem we have is the TCP nodes can act in both inbound and outbound mode - we don't have separate nodes for the different 'directions'. So it isn't just a case of disabling a node (which we could already do). The purpose of the flag would be to tell the TCP/UDP nodes not to offer the inbound configuration options. In terms of importing a flow with a node configured for inbound connections - the node validation logic in the editor would be able to flag it as an invalid configuration. |
In some hosted environments it isn't desirable to expose the core TCP/UDP nodes that allow inbound connections. However, those nodes also support outbound connections - which is supported in hosted environments.
For example, the IBM Cloud hosted instance disabled the TCP/UDP nodes and replaced them with custom nodes that used the same node types, but only supported outbound connections. Those forked nodes then inevitably fell behind the core nodes.
It would be better if the core nodes supported this use case and provided a means (via the settings file) to disable their inbound modes.
The text was updated successfully, but these errors were encountered: