TCP security questions (5.1.0.GA)

bjornd Jun 11, 2011 12:14 PM

I have just started porting a GlassFish project to JBoss 5.1.0.GA. I noticed that JBoss by default binds all listening sockets except one to 127.0.0.1. I think such a security policy is excellent by the way, and I wish GlassFish and Tomcat had the same defaults.

But I have a question to the community here, a twofold question actually:

1. How do I configure the address binding for the single randomly-numbered port that is listening on 0.0.0.0?

2. Why are only 14 of 16 sockets controlled by ${jboss.bind.address}? Of the remaining 2 sockets one is bound to 127.0.0.1 regardless of ${jboss.bind.address} and the other one is bound to 0.0.0.0. Has this been dealt with in later JBoss versions?

PS. I tried the other profiles also: web, standard, and minimal do not open this randomly-numbered port bound to 0.0.0.0. But my project needs the Java EE features.

1. Re: TCP security questions (5.1.0.GA)

wdfink Jun 11, 2011 12:56 PM (in response to bjornd)

1.)
You might replace the ${jboss.bind.address} by the address you want.
But I suppose it is a bit confusing and should be not used without preliminary consideration.

2.)
What ports you mean? which configuration?
Maybe it is a bug
Actions
2. Re: TCP security questions (5.1.0.GA)

bjornd Jun 11, 2011 1:06 PM (in response to wdfink)

The configuration is "default" (started by "run.sh" with no arguments).

Edit: anyone can reproduce this (i.e. a random port listening on address 0.0.0.0) by downloading JBoss 5.1.0.GA and starting it.
Actions
3. Re: TCP security questions (5.1.0.GA)

jaikiran Jun 11, 2011 1:28 PM (in response to bjornd)

The random ports might be from JBoss Messaging. Although, I don't know why it opens it. Here's a related thread http://community.jboss.org/message/591754#591754
Actions

Go to original post