Lennart Poettering

7️⃣ Here's the 7th post highlighting key new features of the upcoming v260 release of systemd. #systemd260 #systemd

Sometimes it's useful to bind a specific service to a certain network interface – all of it, at once. With v260 there's a new knob for that: BindNetworkInterface= can be configured in service units, and will cause all sockets of the service to be bound to the specified network interface, without a chance to use any other.

This is particularly useful in VRF contexts, …

Mar 10 at 10:19pmWeb
Show threadLennart PoetteringMar 10
… as it allows assigning a service a VRF interface, and thus it's own private routing table, but it actually works with any network interface (in case you are not aware of VRF → it stands for Virtual Routing Function, and it is Linux style fancy networking with synthetic network interfaces that basically are handles into alternative routing tables.)
Show threadLillyMar 10
@pid_eins if I understand this correctly, that would also allow services that bind on 0.0.0.0 to actually only bind to that one interface too, right?
that's really neat :3
Show threadKevin P. FlemingMar 10
@lilly @pid_eins Also it should mean the ability to explicitly control the address used for outbound connections even if the service has no ability to configure that.
Show threadkloenkMar 10
@pid_eins find the naming somewhat confusing. Have a use for a services that goes only goes up if an interface is present. Think that was also called Binds and just to the device unit so misparsed this at first
Show threadFelix PehlaMar 10
@pid_eins That would make forcing services to only establish connections through wireguard much more convenient. Neat!
Show threadErin 💽✨4d ago
@pid_eins does it impact sockets the service binds or socket units (or both)?

This is something I've been hoping for though!