public inbox for [email protected]
help / color / mirror / Atom feedAllow connections by IP address?
4+ messages / 3 participants
[nested] [flat]
* Allow connections by IP address?
@ 2025-09-11 16:21 Ron Johnson <[email protected]>
0 siblings, 1 reply; 4+ messages in thread
From: Ron Johnson @ 2025-09-11 16:21 UTC (permalink / raw)
To: pgsql-admin
PG 17.latest
My server has two IP addresses:
10.1.2.3.4
10.1.2.3.5 (a VIP)
Some connections should only come in through the VIP, while others (like
replication) must come in through .4 and others (f.e. administrators, can
come in from .4 or .5).
Is there any way to restrict that? I don't see anything in
https://www.postgresql.org/docs/17/auth-pg-hba-conf.html but may be
overlooking something.
(Why don't we use a connection pooler? The 3rd party application has only
been validated against direct connections to PG. Bugs in PgPool caused
problems in prod.)
--
Death to <Redacted>, and butter sauce.
Don't boil me, I'm still alive.
<Redacted> lobster!
^ permalink raw reply [nested|flat] 4+ messages in thread
* Re: Allow connections by IP address?
@ 2025-09-16 23:40 李明 <[email protected]>
parent: Ron Johnson <[email protected]>
0 siblings, 1 reply; 4+ messages in thread
From: 李明 @ 2025-09-16 23:40 UTC (permalink / raw)
To: Ron Johnson <[email protected]>; +Cc: pgsql-admin
Maybe you can set the allowed ips with listen_address in postgresql.conf.
More,through network admin can achieve your aim more efficiency.
> 在 2025年9月12日,00:21,Ron Johnson <[email protected]> 写道:
>
>
> PG 17.latest
>
> My server has two IP addresses:
> 10.1.2.3.4
> 10.1.2.3.5 (a VIP)
>
> Some connections should only come in through the VIP, while others (like replication) must come in through .4 and others (f.e. administrators, can come in from .4 or .5).
>
> Is there any way to restrict that? I don't see anything in https://www.postgresql.org/docs/17/auth-pg-hba-conf.html but may be overlooking something.
>
> (Why don't we use a connection pooler? The 3rd party application has only been validated against direct connections to PG. Bugs in PgPool caused problems in prod.)
>
> --
> Death to <Redacted>, and butter sauce.
> Don't boil me, I'm still alive.
> <Redacted> lobster!
^ permalink raw reply [nested|flat] 4+ messages in thread
* Re: Allow connections by IP address?
@ 2025-09-17 08:27 kaido vaikla <[email protected]>
parent: 李明 <[email protected]>
0 siblings, 1 reply; 4+ messages in thread
From: kaido vaikla @ 2025-09-17 08:27 UTC (permalink / raw)
To: 李明 <[email protected]>; +Cc: Ron Johnson <[email protected]>; pgsql-admin
Maybe this way.
Create a roles like
gr_4
gr_5
gr_4_5
grant roles by needs to users and define roles in pg_hba.conf (USER: +gr_4).
br
Kaido
^ permalink raw reply [nested|flat] 4+ messages in thread
* Re: Allow connections by IP address?
@ 2025-09-17 09:27 kaido vaikla <[email protected]>
parent: kaido vaikla <[email protected]>
0 siblings, 0 replies; 4+ messages in thread
From: kaido vaikla @ 2025-09-17 09:27 UTC (permalink / raw)
To: 李明 <[email protected]>; +Cc: Ron Johnson <[email protected]>; pgsql-admin
@Ron, ignore my last email, i misunderstand your problem.
br
Kaido
^ permalink raw reply [nested|flat] 4+ messages in thread
end of thread, other threads:[~2025-09-17 09:27 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed)
-- links below jump to the message on this page --
2025-09-11 16:21 Allow connections by IP address? Ron Johnson <[email protected]>
2025-09-16 23:40 ` 李明 <[email protected]>
2025-09-17 08:27 ` kaido vaikla <[email protected]>
2025-09-17 09:27 ` kaido vaikla <[email protected]>
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox