Giter VIP home page Giter VIP logo

Comments (5)

maded2 avatar maded2 commented on August 17, 2024

PlotNG UI is designed to query multiple PlotNG servers to display a single consolidated view of all plotters. If PlotNG is forced to only serve localhost then this feature will not work. I suggest you can setup your PC firewall to block incoming traffic to the port (default 8444) for your specific setup.

from plotng.

carlosvsilva avatar carlosvsilva commented on August 17, 2024

But why can't the admin choose to not serve an open port on public interfaces? A firewall is for network level filtering around servers one has no control over. But since i'm running the server i should be able to just not expose a daemon on all interfaces, and keep it safely on 127.0.0.1 to reduce the attack surface. If I don't open daemons on internet connected interfaces there's no need for a firewall at all. Thanks.

from plotng.

CharlesWiltgen avatar CharlesWiltgen commented on August 17, 2024

@carlosvsilva, why not handle this in the same way you're dealing with all of the various ports (55400, 8555, 8559, 8560, 9256) that the Chia software itself opens?

from plotng.

carlosvsilva avatar carlosvsilva commented on August 17, 2024

All other daemons open mostly on 127.0.0.1 alone, apart from chia full node which I believe actually needs to receive connections from the Internet to sync and do its thing otherwise may not work well. I'm exploring with AppArmor see if I can confine chia node and farmer without breaking them. Other than chia, only SSH accepts outside authenticated connections for security.
netstat output:
`
Proto Recv-Q Send-Q Endereço Local Endereço Remoto Estado PID/Program name
tcp 0 0 0.0.0.0:8444 0.0.0.0:* ESCUTA 2917/chia_full_node

tcp 0 0 0.0.0.0:8447 0.0.0.0:* ESCUTA 2915/chia_farmer

tcp 0 0 127.0.0.1:9256 0.0.0.0:* ESCUTA 2919/chia_wallet

tcp 0 0 127.0.0.1:55400 0.0.0.0:* ESCUTA 1777/chia_daemon

tcp 0 0 127.0.0.1:8555 0.0.0.0:* ESCUTA 2917/chia_full_node

tcp 0 0 127.0.0.1:8559 0.0.0.0:* ESCUTA 2915/chia_farmer

tcp 0 0 127.0.0.1:8560 0.0.0.0:* ESCUTA 2913/chia_harvester

tcp 0 0 127.0.0.53:53 0.0.0.0:* ESCUTA 1419/systemd-resolv

tcp 0 0 0.0.0.0:22 0.0.0.0:* ESCUTA 1654/sshd: /usr/sbi

tcp 0 0 127.0.0.1:631 0.0.0.0:* ESCUTA 1468/cupsd
`

from plotng.

maded2 avatar maded2 commented on August 17, 2024

Personal firewall is the only viable way to achieve the high security you are looking for. Just block all the ports you don't want to open.

from plotng.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.