Greg Smith wrote:
> Normal practice here is to set:
>
> listen_address='*'
>
> So that the server is remotely accessible from all of its interfaces,
> and then you can do all filtering of who can connect just via
> pg_hba.conf instead.
Just to expand on that:
listen_addresses is usually used if you want to do things like:
- Have the database running on a gateway host that's directly connected
to the Internet, but only permit connections to the database on the LAN
side, so even pre-auth exploits can't attack the database server from
the Internet side;
- Lock a cluster down to only be accessible from the local host, so
remote hosts can't even see it's running and can't attempt to talk to it; or
- Run multiple clusters on one host, each one bound to a different IP
address on the usual PostgreSQL port, so the machine hosting the
clusters looks like it's really multiple separate machines to outside users.
--
Craig Ringer
