Content-Type: multipart/alternative;
 boundary=Apple-Mail-576B0BCC-B7A1-41C6-826D-D9B3B7FEDD0D
Content-Transfer-Encoding: 7bit
From: =?utf-8?B?5p2O5piO?= <liming185216@126.com>
Mime-Version: 1.0 (1.0)
Subject: Re: Allow connections by IP address?
Date: Wed, 17 Sep 2025 07:40:17 +0800
Message-Id: <2DFE4EC0-7374-4D5E-BC05-49530F7015A0@126.com>
References: 
 <CANzqJaBD0vqs6=ovHOjUF4SV80pBx6A-1kZ8mwcryJq2bjFH2g@mail.gmail.com>
Cc: pgsql-admin <pgsql-admin@postgresql.org>
In-Reply-To: 
 <CANzqJaBD0vqs6=ovHOjUF4SV80pBx6A-1kZ8mwcryJq2bjFH2g@mail.gmail.com>
To: Ron Johnson <ronljohnsonjr@gmail.com>
Archived-At: 
 <https://www.postgresql.org/message-id/2DFE4EC0-7374-4D5E-BC05-49530F7015A0%40126.com>
Precedence: bulk


--Apple-Mail-576B0BCC-B7A1-41C6-826D-D9B3B7FEDD0D
Content-Type: text/plain;
	charset=utf-8
Content-Transfer-Encoding: quoted-printable


Maybe you can set the allowed ips with listen_address in postgresql.conf.

More,through network admin can achieve your aim more efficiency.

> =E5=9C=A8 2025=E5=B9=B49=E6=9C=8812=E6=97=A5=EF=BC=8C00:21=EF=BC=8CRon Joh=
nson <ronljohnsonjr@gmail.com> =E5=86=99=E9=81=93=EF=BC=9A
>=20
> =EF=BB=BF
> PG 17.latest
>=20
> My server has two IP addresses:
> 10.1.2.3.4
> 10.1.2.3.5 (a VIP)
>=20
> Some connections should only come in through the VIP, while others (like r=
eplication) must come in through .4 and others (f.e. administrators, can com=
e in from .4 or .5).
>=20
> Is there any way to restrict that?  I don't see anything in https://www.po=
stgresql.org/docs/17/auth-pg-hba-conf.html but may be overlooking something.=

>=20
> (Why don't we use a connection pooler?  The 3rd party application has only=
 been validated against direct connections to PG. Bugs in PgPool caused prob=
lems in prod.)
>=20
> --=20
> Death to <Redacted>, and butter sauce.
> Don't boil me, I'm still alive.
> <Redacted> lobster!

--Apple-Mail-576B0BCC-B7A1-41C6-826D-D9B3B7FEDD0D
Content-Type: text/html;
	charset=utf-8
Content-Transfer-Encoding: quoted-printable

<html><head><meta http-equiv=3D"content-type" content=3D"text/html; charset=3D=
utf-8"></head><body dir=3D"auto"><br>Maybe you can set the allowed ips with l=
isten_address in postgresql.conf.<div><br></div><div>More,through network ad=
min can achieve your aim more efficiency.<br><div dir=3D"ltr"><br><blockquot=
e type=3D"cite">=E5=9C=A8 2025=E5=B9=B49=E6=9C=8812=E6=97=A5=EF=BC=8C00:21=EF=
=BC=8CRon Johnson &lt;ronljohnsonjr@gmail.com&gt; =E5=86=99=E9=81=93=EF=BC=9A=
<br><br></blockquote></div><blockquote type=3D"cite"><div dir=3D"ltr">=EF=BB=
=BF<div dir=3D"ltr"><div>PG 17.latest</div><div><br></div><div>My server has=
 two IP addresses:</div><div>10.1.2.3.4</div><div>10.1.2.3.5 (a VIP)</div><d=
iv><br></div><div>Some connections should only come in through the VIP, whil=
e others (like replication) must come in through .4 and others (f.e. adminis=
trators, can come in from .4 or .5).</div><div><br></div><div>Is there any w=
ay to restrict that?&nbsp; I don't see anything in&nbsp;<a href=3D"https://w=
ww.postgresql.org/docs/17/auth-pg-hba-conf.html">https://www.postgresql.org/=
docs/17/auth-pg-hba-conf.html</a> but may be overlooking something.</div><di=
v><br></div><div>(Why don't we use a connection pooler?&nbsp; The 3rd party a=
pplication has only been validated against direct&nbsp;connections to PG. Bu=
gs in PgPool caused problems in&nbsp;prod.)</div><div><br></div><span class=3D=
"gmail_signature_prefix">-- </span><br><div dir=3D"ltr" class=3D"gmail_signa=
ture" data-smartmail=3D"gmail_signature"><div dir=3D"ltr">Death to &lt;Redac=
ted&gt;, and butter sauce.<div>Don't boil me, I'm still alive.<br><div><div>=
&lt;Redacted&gt; lobster!</div></div></div></div></div></div>
</div></blockquote></div></body></html>=

--Apple-Mail-576B0BCC-B7A1-41C6-826D-D9B3B7FEDD0D--