Additional CLI sockets may now be restricted

This allows to have one main socket for the heavy operations very restricted just for the appropriate users, whereas the looking glass socket may be more open. Implemented an idea originally submitted and requested by Akamai.
author: Maria Matejka <mq@ucw.cz> 2024-06-24 13:46:12 +0200
committer: Ondrej Zajicek <santiago@crfreenet.org> 2024-06-27 04:14:39 +0200
commit: 08ff0af8986099e6fb1d8a94c7ce62c83e4df7f1 (patch)
tree: 27ff882ba340b197228b806dcc8206ec1673859f /doc
parent: f3b6661ddda9a9c2591444799ff88cd82621d06b (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/doc/bird.sgml b/doc/bird.sgml
index 5acdf7c1..e2050c13 100644
--- a/doc/bird.sgml
+++ b/doc/bird.sgml
@@ -1253,6 +1253,11 @@ socket multiple times and BIRD may behave weirdly if this happens. On shutdown,
 the additional sockets get removed immediately and only the main socket stays
 until the very end.
 
+<p>The remote control socket can be also set as restricted by
+<cf/cli "name" { restrict; };/ instead of sending the <cf/restrict/ command
+after connecting. The user may still overload the daemon by requesting insanely
+complex filters so you shouldn't expose this socket to public anyway.
+
 <sect>Usage
 <label id="remote-control-usage">
author	Maria Matejka <mq@ucw.cz>	2024-06-24 13:46:12 +0200
committer	Ondrej Zajicek <santiago@crfreenet.org>	2024-06-27 04:14:39 +0200
commit	08ff0af8986099e6fb1d8a94c7ce62c83e4df7f1 (patch)
tree	27ff882ba340b197228b806dcc8206ec1673859f /doc
parent	f3b6661ddda9a9c2591444799ff88cd82621d06b (diff)