Restricting Message Flow
Routing daemons can be very selective in allowing messages to flow between networks. Network administrators can use this selectivity in several important ways:
• Restrict sensitive information to particular networks.
• Limit the volume of messages between networks.
• Constrain information to flow in only one direction between two networks.
Restricting Messages by Service or Port
For coarse-grained control over information flow, limit communication between networks to particular UDP services.
Recall that Rendezvous programs can segregate messages by specifying the service parameter to the transport creation function. The UDP service is part of the definition of a local network; the routing daemon exchanges with its neighbors only information that arrives on the designated service.
For example, if your organization adopts a convention to send sensitive information via particular UDP services, then you can use the routing daemon to regulate (or even completely disable) the import and export of messages sent via those services.
Restricting Messages by Subject Name
For fine-grained control over all the information flowing in or out of your networks, limit communication by subject name.
Subject names specify exactly which messages may enter and leave a local network—the routing daemon blocks all other Rendezvous messages. For details, see Subject Gating.
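The default-deny behavior described above can be checked offline against a proposed subject list before it is deployed. The following is an added example, not TIBCO code or routing daemon configuration. It assumes the Rendezvous wildcard rules (`*` matches exactly one element, `>` as the last element matches one or more remaining elements, matching is case-sensitive), and all function names and subjects in it are constructed for illustration.

```python
# Added illustration: a model of default-deny subject gating.
# Assumptions (not from the page): '*' matches exactly one element; '>' as the
# final element matches one or more remaining elements; case-sensitive.

def subject_matches(pattern: str, subject: str) -> bool:
    p, s = pattern.split("."), subject.split(".")
    if "" in p or "" in s:
        return False  # empty elements are not valid in a subject name
    for i, elem in enumerate(p):
        if elem == ">":
            # only valid as the last element, and at least one element must remain
            return i == len(p) - 1 and len(s) > i
        if i >= len(s):
            return False  # subject is shorter than the pattern
        if elem != "*" and elem != s[i]:
            return False
    return len(s) == len(p)


def gate(allowed: list[str], subject: str) -> bool:
    """Default deny: a message crosses only if some listed subject matches."""
    return any(subject_matches(pat, subject) for pat in allowed)


def crossing(allowed: list[str], observed: list[str]) -> list[str]:
    """Subjects from a sample of observed traffic that the list would forward."""
    return [subj for subj in observed if gate(allowed, subj)]


# Constructed sample data: subjects seen on the local network.
OBSERVED = [
    "QUOTES.IBM.NYSE",
    "QUOTES.IBM.NYSE.L2",
    "NEWS.EQUITY.IBM",
    "NEWS",
    "news.equity",
    "HR.PAYROLL.RUN",
]

TIGHT = ["QUOTES.*.NYSE", "NEWS.>"]  # constructed export list
LOOSE = ["QUOTES.>", ">"]            # a bare '>' defeats the gate entirely

if __name__ == "__main__":
    print("tight:", crossing(TIGHT, OBSERVED))
    print("loose:", crossing(LOOSE, OBSERVED))
```

Running a candidate list through `crossing` with a sample of real subject names shows whether a sensitive subject such as the constructed `HR.PAYROLL.RUN` would leave the network because of an overly broad wildcard.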