Restricting TCP/IP access to localhost or LAN host
One of the simplest things we can do to secure our system is to operate our Zope 2 instances only on the IP addresses that they are required to listen on.
In most cases, that address is 127.0.0.1 (commonly referred to as localhost), but it can also be a LAN host: a private, non-routable IP address used only on your local area network (LAN).
In this chapter, we will not cover LAN hosts. However, we suggest you consider using them when you need to access instances from another host on the LAN; otherwise, just use localhost.
In the case of LAN hosts, once configured, they protect ports from being accessed by the outside world (that is, the Internet). However, the ports remain accessible from the LAN, where you may want to configure monitoring, for example via Munin (covered in Chapter 6), Zenoss (http://community.zenoss.org), and so on.
What we will cover is how to use the localhost IP address.
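As an added example (not taken from the book or its buildout files), the following Python script audits a buildout configuration and reports how each instance's listening address is bound. It assumes the `http-address` option of plone.recipe.zope2instance, treats a port-only value as listening on every interface (assuming no separate `ip-address` option is set), and runs on a constructed sample configuration.

```python
import configparser
import ipaddress

# Constructed sample buildout, NOT the book's 07-security-localhost.cfg.
SAMPLE_CFG = """
[instance1]
http-address = 127.0.0.1:8080
[instance2]
http-address = 8081
[instance3]
http-address = 192.168.1.10:8082
[instance4]
http-address = 198.51.100.7:8083
"""

# RFC 1918 private ranges: the "LAN host" case described above.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(address):
    """Return 'loopback', 'lan' or 'exposed' for an http-address value."""
    host, sep, _port = address.strip().rpartition(":")
    host = host.strip("[]")            # allow bracketed IPv6 such as [::1]
    if not sep or not host:
        return "exposed"               # port only: assumed all interfaces
    if host == "localhost":
        return "loopback"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "exposed"               # unknown hostname: fail closed
    if ip.is_loopback:
        return "loopback"
    if ip.version == 4 and any(ip in net for net in RFC1918):
        return "lan"
    return "exposed"

def audit(cfg_text):
    """Map each section that sets http-address to its classification."""
    parser = configparser.ConfigParser(interpolation=None)  # keep ${...} literal
    parser.read_string(cfg_text)
    return {name: classify(section["http-address"])
            for name, section in parser.items()
            if "http-address" in section}

if __name__ == "__main__":
    for part, verdict in audit(SAMPLE_CFG).items():
        print(f"{part}: {verdict}")
```

Any part reported as `exposed` is reachable from outside the host unless a firewall blocks it, so it is a candidate for rebinding to 127.0.0.1 or a LAN address.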
In 07-security-localhost.cfg, we have...