grepplabs / kafka-proxy

Proxy connections to Kafka cluster. Connect through SOCKS Proxy, HTTP Proxy or to cluster running in Kubernetes.
Apache License 2.0

Question: Any reason default-listener-ip default value is 127.0.0.1 instead of 0.0.0.0? #89

Closed smoya closed 3 years ago

smoya commented 3 years ago

I see a common pattern where you know how many dynamic ports will be discovered (let's say I know only 4 brokers will be discovered) and want to control which ports are opened to the outside. For that reason, you can configure dynamic-sequential-min-port to a known value, so you know which 4 ports will be used.

Also you might want to do a health check based on such ports, so an external call will be made to those ports.

The default value for the dynamic listeners IP (default-listener-ip default) is set to 127.0.0.1. I understand 127.0.0.1 only binds to the local network interface, while 0.0.0.0 binds to all network interfaces. In that case, binding to 127.0.0.1 won't help for external calls as they won't reach the app. However, 0.0.0.0 will work.

Is there any reason 127.0.0.1 is configured as the default instead of 0.0.0.0, which fits all use cases? Is there a strong security concern?

Thanks! (Love the work you do here!)

everesio commented 3 years ago

AFAIR I had no special reasons to use 127.0.0.1 instead of 0.0.0.0. I could simply change the default if this is more convenient than always providing --default-listener-ip 0.0.0.0.

smoya commented 3 years ago

@everesio thanks for your answer. I think the default value should be changed to 0.0.0.0 to avoid undesired behaviours by default, especially considering the change is not really a breaking change in terms of networking.

I can make that PR if you are happy.

everesio commented 3 years ago

@smoya Please go ahead and create a PR.

smoya commented 3 years ago

@everesio I opened https://github.com/grepplabs/kafka-proxy/pull/95.
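
The bind-address behaviour discussed in this thread, shown with real sockets as an added example (not code from kafka-proxy or from either commenter). The helper names `reachable` and `firstNonLoopbackIPv4` are made up for this illustration; it opens a listener on each candidate bind IP and checks through which local addresses a client can connect.

```go
package main

import (
	"fmt"
	"net"
	"strconv"
	"time"
)

// reachable binds a TCP listener to bindIP on an ephemeral port and reports
// whether a client can connect to that port through dialIP.
func reachable(bindIP, dialIP string) (bool, error) {
	ln, err := net.Listen("tcp4", net.JoinHostPort(bindIP, "0"))
	if err != nil {
		return false, err
	}
	defer ln.Close()
	port := strconv.Itoa(ln.Addr().(*net.TCPAddr).Port)
	conn, err := net.DialTimeout("tcp4", net.JoinHostPort(dialIP, port), time.Second)
	if err != nil {
		return false, nil // refused or timed out: the listener is not exposed on dialIP
	}
	conn.Close()
	return true, nil
}

// firstNonLoopbackIPv4 returns one of this host's non-loopback IPv4
// addresses, or "" when only loopback is configured.
func firstNonLoopbackIPv4() string {
	addrs, _ := net.InterfaceAddrs()
	for _, a := range addrs {
		if n, ok := a.(*net.IPNet); ok && n.IP.To4() != nil && !n.IP.IsLoopback() {
			return n.IP.String()
		}
	}
	return ""
}

func main() {
	dialIPs := []string{"127.0.0.1"}
	if ext := firstNonLoopbackIPv4(); ext != "" {
		dialIPs = append(dialIPs, ext)
	}
	for _, bind := range []string{"127.0.0.1", "0.0.0.0"} {
		for _, dial := range dialIPs {
			ok, err := reachable(bind, dial)
			fmt.Printf("bind=%-10s dial=%-15s reachable=%v err=%v\n", bind, dial, ok, err)
		}
	}
}
```

On a host with a non-loopback interface, the 127.0.0.1 listener is not reachable on that address while the 0.0.0.0 listener is, so with the wildcard bind it is the firewall or security group that decides which of the dynamic ports can be reached from outside.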