Closed Eithcowich closed 5 years ago
Yes. If all of your nodes are in the same network, you can block the ports using a firewall or even remove the export from the start script. If the nodes are in different networks, you can add firewall rules to allow them or use a reverse proxy to use SSL and authentication.
Thanks.
Can any node from the outside hit any of the open ports and get a response, or is communication limited to nodes in the Quorum network?
I got a response from the Quorum Slack. Here it is:
There is a flag named "--permissioned" that allows this. You supply a file called "permissioned-nodes.json" with the enode IDs of the nodes you want to allow to connect to/from. It should be the same format as the static-nodes.json file.
Check out this link for more details: https://github.com/jpmorganchase/quorum/blob/master/docs/running.md#permissioned-network
Is Quorum Maker taking care of this? Generating the permissioned-nodes.json and starting the nodes with the --permissioned flag?
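For a plain Quorum node started with --permissioned as the Slack response describes, the allow list can be checked before the node is launched. This is an added example, not code from the thread, Quorum or Quorum Maker; it assumes both files are JSON arrays of `enode://<128-hex node ID>@<ip>:<port>` strings, and the function names and sample values are hypothetical.

```python
import ipaddress
import json
import re
from urllib.parse import urlsplit

NODE_ID = re.compile(r"[0-9a-f]{128}")  # 64-byte public key as hex

def parse_enode(url):
    """Return (node_id, ip, port) for an enode URL, or raise ValueError."""
    parts = urlsplit(url)
    node_id = (parts.username or "").lower()
    if parts.scheme != "enode" or not NODE_ID.fullmatch(node_id):
        raise ValueError(f"bad scheme or node ID (need 128 hex chars): {url}")
    if parts.hostname is None or parts.port is None:
        raise ValueError(f"missing host or port: {url}")
    # Assumption: entries use IP literals; ip_address() raises ValueError otherwise.
    return node_id, str(ipaddress.ip_address(parts.hostname)), parts.port

def check_permissioned(permissioned_text, static_text):
    """Return (errors, static peers whose node ID is not in the allow list)."""
    errors, allowed = [], set()
    for url in json.loads(permissioned_text):
        try:
            node_id = parse_enode(url)[0]
        except ValueError as exc:
            errors.append(str(exc))
            continue
        if node_id in allowed:
            errors.append(f"duplicate node ID: {url}")
        allowed.add(node_id)
    missing = []
    for url in json.loads(static_text):
        try:
            if parse_enode(url)[0] not in allowed:
                missing.append(url)
        except ValueError as exc:
            errors.append(str(exc))
    return errors, missing

# Constructed sample data: node IDs, addresses and ports are placeholders.
A, B, C = "a" * 128, "b" * 128, "c" * 128
PERMISSIONED = json.dumps([
    f"enode://{A}@10.0.0.1:21000",
    f"enode://{B}@10.0.0.2:21000?discport=0",
    f"enode://{B}@10.0.0.2:21000?discport=0",  # duplicate entry
    "enode://1234@10.0.0.3:21000",             # truncated node ID
])
STATIC = json.dumps([f"enode://{A}@10.0.0.1:21000", f"enode://{C}@10.0.0.4:21000"])

if __name__ == "__main__":
    errors, missing = check_permissioned(PERMISSIONED, STATIC)
    print("errors:", errors)
    print("static peers not permitted:", missing)
```

A static peer reported as not permitted is one the node is configured to dial but whose enode ID is absent from the allow list.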
We don't use the permissioned-nodes.json file. Instead, we implemented a whitelist feature and allow nodes to accept/reject dynamic join requests.
Not an issue. Closing. Please reopen otherwise.
I've been developing a 10-node setup, and kept ports 22000 - 22005 open. We are now moving to deployment and need to secure the system from outside hits. My questions are:
Can I entirely close the dashboard port at 22004? (So the dashboard would be visible only from localhost)
What is the purpose of the whisper port at 22001, and the WS port at 22005?