Is Public Access To Port 8735 Security Sensitive?

[vinzenz]

During the installation procedure, Zextras says:

ZeXtras Suite needs to bind on TCP port 8735 in order to operate, for inter-instance communication.
Please verify no other service listens on that port and that it is properly filtered from public access by your firewall

I have a single server setup and currently do not filter this port. Does this cause any security problems?

[d0s0n]

Hi vicenz,

as stated in the warning message you shouldn't expose it to the public access to avoid security problems....

D0s0n

[vinzenz]

Ok, I think this should be communicated better.
Further, the webinterface seems to need access to this port even in single server setups, so I had to allow traffic for the loopback interface.
Just in case there is anybody else like me not too familiar with iptables, this is how I solved it:

-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8735 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p udp -m udp --dport 8735 -j REJECT --reject-with icmp-port-unreachable

[d0s0n]

Further, the webinterface seems to need access to this port even in single server setups, so I had to allow traffic for the loopback interface.

Hi vinzenz,
AFAIK, there's no need to access to that port in a single server enviroment... If you have experienced some issue when you are blocking it, please let us know.

Just in case there is anybody else like me not too familiar with iptables, this is how I solved it:

-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8735 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p udp -m udp --dport 8735 -j REJECT --reject-with icmp-port-unreachable

A single line like this will be suffice:

Code:

-A INPUT -p tcp  --dport 8735 -j REJECT

D0s0n