Protect jvb (8888) health port

if port 8888 is used for jvb health checking, is it mandatory to have this port open to any requests ?
I’m using jitsi-videobridge2 ( 2.1-202-g5f9377b9-1 ) and I notice this message once in the log

kernel: [5758258.813974] TCP: request_sock_TCP: Possible SYN flooding on port 8888. Sending cookies.  Check SNMP counters

I ran tcpdump and saw what I assume were unsollicited requests. So:

  1. if this port is only used by internal applications, does jvb need to listen on the internet ?
  2. if not, can I apply a rate-limiter ?

You should not open it to the public. The only one that needs to be open to the public internet is udp 10000.

Understood. Is it possible to listen from localhost (::1 preferably) only ?