<div dir="ltr"><div><div><div><div>Yes, leaving out the -sname/-name option is enough. You can verify this by looking for open ports for "beam" processes with netstat:<br><br><div style="margin-left:40px"><span style="font-family:monospace,monospace">$ netstat -ltpn | grep beam</span><br></div><br></div>With -sname, it shows one open port:<br></div><div><br><div style="margin-left:40px"><span style="font-family:monospace,monospace">tcp 0 0 <a href="http://0.0.0.0:36551">0.0.0.0:36551</a> 0.0.0.0:* LISTEN 29262/beam.smp </span><br></div><br></div>Without -sname, it shows nothing.<br></div><div><br></div>Regards,<br></div>Magnus<br><br><div><div><div><br></div></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Apr 14, 2016 at 5:29 PM, Feiko Nanninga <span dir="ltr"><<a href="mailto:fnanninga@fnanninga.de" target="_blank">fnanninga@fnanninga.de</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">As it turns out, I can leave -sname/-name and -setcookie out in vm.args<br>
as long as I do not use relx's extended starting script.<br>
<br>
But will that be enough to keep other nodes from connecting?<br>
<div class="HOEnZb"><div class="h5"><br>
<br>
On 14.04.2016 18:00, Feiko Nanninga wrote:<br>
> Hello,<br>
><br>
> I'd like to deploy a non-distributed application with a sane<br>
> security configuration (preferably using a relx release).<br>
><br>
> How can I entirely disable other nodes from connecting? Is there an<br>
> option to pass to erl (to add in vm.args)?. It seems using a release<br>
> requires me give the node a name and set a cookie. Now I can hope nobody<br>
> guesses the cookie or I can keep other users on the same system from<br>
> reading files which contain the cookie; but this is not a clean solution.<br>
><br>
> Would not setting -sname or -name achieve this goal?<br>
><br>
> Best regards,<br>
> Feiko<br>
><br>
><br>
> PS: If you don't provide vm.args yourself, relx generates one for you<br>
> with a predictable cookie. This is a BAD default.<br>
> _______________________________________________<br>
> erlang-questions mailing list<br>
> <a href="mailto:erlang-questions@erlang.org">erlang-questions@erlang.org</a><br>
> <a href="http://erlang.org/mailman/listinfo/erlang-questions" rel="noreferrer" target="_blank">http://erlang.org/mailman/listinfo/erlang-questions</a><br>
><br>
<br>
_______________________________________________<br>
erlang-questions mailing list<br>
<a href="mailto:erlang-questions@erlang.org">erlang-questions@erlang.org</a><br>
<a href="http://erlang.org/mailman/listinfo/erlang-questions" rel="noreferrer" target="_blank">http://erlang.org/mailman/listinfo/erlang-questions</a><br>
</div></div></blockquote></div><br></div>