Hello Timothy,

I usually add iptables rules on top of every deployment, to block access from unknown locations to Apache Ignite and other services (Tomcat to name one, and others).

My typical iptables rules, embedded into /etc/rc.local, look like this:

iptables -A INPUT -p tcp --match multiport --dport 10800,10801,11211,47100:47109,47400:47409,47500:47509 -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -p tcp --match multiport --dport 10800,10801,11211,47100:47109,47400:47409,47500:47509 -s 10.192.192.192/26 -j ACCEPT
iptables -A INPUT -p tcp --match multiport --dport 10800,10801,11211,47100:47109,47400:47409,47500:47509 -j REJECT

So connection to all Ignite ports (known to me) is permitted from localhost, from private network space in the cloud, then forbidden from anywhere else.

You may also want to limit other ports exposed to the wild, which you may notice with netstat -nat

This is a simple solution, other experts may have better solutions, and I'm also interested in them :)

On the other hand, I noticed you're running Ignite on IPv6, but I think running on IPv4 is still preferred.

Cheers
Gianluca

On Thu, 18 Nov 2021 at 02:08, Timothy Peng <timosp...@gmail.com> wrote:

> Hello,
>
> I saw Ignite is listening on all interfaces by default:
>
> tcp6       0      0 :::10800      :::*      LISTEN      3211/java
>
> Does this have security issues since everyone can access the port and do
> cache reading/writing?
>
> Thanks
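
Added example, not part of the original messages: a shell check that reads `netstat -nat` output and lists wildcard TCP listeners whose port falls outside the multiport spec used in the rules above. The function names and the sample netstat lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find wildcard TCP listeners that the
# multiport rules above do not cover.

# Port spec copied from the iptables rules in the message.
IGNITE_PORTS='10800,10801,11211,47100:47109,47400:47409,47500:47509'

# uncovered_listeners SPEC: reads `netstat -nat` output on stdin and prints
# "proto port" for each LISTEN socket bound to 0.0.0.0 or :: outside SPEC.
# A tcp6 result needs ip6tables rules as well; iptables filters IPv4 only.
uncovered_listeners() {
    awk -v spec="$1" '
    BEGIN {
        n = split(spec, parts, ",")
        for (i = 1; i <= n; i++) {          # "lo:hi" range or single port
            m = split(parts[i], r, ":")
            lo[i] = r[1] + 0
            hi[i] = (m == 2 ? r[2] : r[1]) + 0
        }
    }
    $1 ~ /^tcp6?$/ && $6 == "LISTEN" {
        port = $4; sub(/^.*:/, "", port)      # text after the last colon
        host = $4; sub(/:[0-9]+$/, "", host)  # address without the port
        if (host != "0.0.0.0" && host != "::") next  # bound to one address
        for (i = 1; i <= n; i++)
            if (port + 0 >= lo[i] && port + 0 <= hi[i]) next
        if (!seen[$1 " " port]++) print $1, port
    }'
}

# Constructed sample of `netstat -nat` output (not captured from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN
tcp6       0      0 :::10800                :::*                    LISTEN
tcp6       0      0 :::47500                :::*                    LISTEN
tcp6       0      0 :::8080                 :::*                    LISTEN
tcp6       0      0 :::49112                :::*                    LISTEN
tcp        0      0 10.192.192.200:47100    10.192.192.201:51544    ESTABLISHED
EOF
}

sample_netstat | uncovered_listeners "$IGNITE_PORTS"
```

On a live host, pipe the real output in instead: `netstat -nat | uncovered_listeners "$IGNITE_PORTS"`.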