[BUG] Farmer Always Listens on 0.0.0.0:8447 #20527
eatnumber1
started this conversation in
Ideas
Replies: 2 comments
-
|
More options could be added to provide more granular control, but it's not a priority right now, as the current config is simple and, in most cases, ports aren't exposed by simply having a service listen on that port. Also, connections to the farmer also need to be done with the private CA, so random connections will fail at the TLS level |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
Moving this to discussions and tagging as an enhancement request so it can be added to the proper tracking system and work log |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
What happened?
It looks like the farmer will always listen on
0.0.0.0:8447(and[::]:8447). That's because the empty string is passed to thehostnameargument here https://github.com/Chia-Network/chia-blockchain/blob/main/chia/server/server.py#L286C17-L286C29AFAIK the farmer only needs to accept connections from harvesters, so binding the farmer's listening port to e.g. a VPN interface or localhost seems like a good security improvement, especially on internet facing hosts without a deny-by-default firewall (where simply starting the farmer exposes it to the internet today).
Version
2.6.0
What platform are you using?
Linux
What ui mode are you using?
CLI
Relevant log output
Beta Was this translation helpful? Give feedback.
All reactions