Bootnode security: Which ports to close/open?

#1

Do we have a list of ports that need to be closed / open for bootnode?

Are there specific instructions on firewalls and other security measures for bootnodes?

#2

If you install a boot node using the playbook you don’t need to modify security groups.
Your node has three open ports:

  • ssh, for remote access
  • 8545, for RPC
  • 30303, for P2P
1 Like
#3

Why is the RPC opened, if the guide says to disable it?

allow_bootnode_rpc: false

#4

Also, I think it is better if I double-check and ask again with more info:

Are we sure that ansible will take care of all necessary security settings?

For example, if somebody deploys a bootnode on AWS and sets a security group with the following settings for inbound and outbound rules:

Allow ALL traffic from ALL IPs

Will that still be OK after running the ansible playbook?

1 Like
#5

And to add to this, since our node IPs are public, what kind of audits have we done (plan to do) to ensure our VMs are locked down and can’t be compromised by hackers? Arguably most of the validators are anything but Ubuntu gurus.

Thanks, MM

#6

Validators are responsible for the security of their nodes.
We provide recommendations, e.g. to close all incoming ports on mainnet.

2 Likes
#7

Do we offer a wiki for how to do this? On Windows 10 Defender locks down ports by default and also monitors for trojans and viruses using a serviced signature db. Not familiar with the latest state of Ubuntu in terms of its default security.

#8

It’s a part of deployment-playbook.
We should add more documentation about security parameters.

1 Like