Protect jvb (8888) health port

ongolaboy · July 19, 2020, 10:22am

Hello,
if port 8888 is used for jvb health checking, is it mandatory to have this port open to any requests ?
I’m using jitsi-videobridge2 ( 2.1-202-g5f9377b9-1 ) and I notice this message once in the log

kernel: [5758258.813974] TCP: request_sock_TCP: Possible SYN flooding on port 8888. Sending cookies.  Check SNMP counters

I ran tcpdump and saw what I assume were unsollicited requests. So:

if this port is only used by internal applications, does jvb need to listen on the internet ?
if not, can I apply a rate-limiter ?

damencho · July 19, 2020, 1:20pm

You should not open it to the public. The only one that needs to be open to the public internet is udp 10000.

ongolaboy · July 19, 2020, 2:54pm

Understood. Is it possible to listen from localhost (::1 preferably) only ?