Return-Path: Delivered-To: apmail-activemq-users-archive@www.apache.org Received: (qmail 70572 invoked from network); 24 Aug 2010 22:38:48 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 24 Aug 2010 22:38:48 -0000 Received: (qmail 35848 invoked by uid 500); 24 Aug 2010 22:38:48 -0000 Delivered-To: apmail-activemq-users-archive@activemq.apache.org Received: (qmail 35803 invoked by uid 500); 24 Aug 2010 22:38:47 -0000 Mailing-List: contact users-help@activemq.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@activemq.apache.org Delivered-To: mailing list users@activemq.apache.org Received: (qmail 35795 invoked by uid 99); 24 Aug 2010 22:38:47 -0000 Received: from Unknown (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 24 Aug 2010 22:38:47 +0000 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests=FREEMAIL_FROM,SPF_HELO_PASS,SPF_PASS,T_TO_NO_BRKTS_FREEMAIL X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of lists@nabble.com designates 216.139.236.158 as permitted sender) Received: from [216.139.236.158] (HELO kuber.nabble.com) (216.139.236.158) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 24 Aug 2010 22:38:26 +0000 Received: from isper.nabble.com ([192.168.236.156]) by kuber.nabble.com with esmtp (Exim 4.63) (envelope-from ) id 1Oo285-0002fW-GF for users@activemq.apache.org; Tue, 24 Aug 2010 15:38:05 -0700 Message-ID: <29527128.post@talk.nabble.com> Date: Tue, 24 Aug 2010 15:38:05 -0700 (PDT) From: Eraos To: users@activemq.apache.org Subject: Re: Bind only to localhost/private network In-Reply-To: <20100824235552.1903d05b@screw> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Nabble-From: remi@broemeling.org References: <29526752.post@talk.nabble.com> <20100824235552.1903d05b@screw> X-Virus-Checked: Checked by ClamAV on apache.org Vjaceslavs Klimovs wrote: > > Hi, > Binding JMX to a specified address is unfortunately not trivial. For > details see this blog post: > http://vafer.org/blog/20061010091658 > > You will probably be better off using firewall to whitelist only your > transport socket. > Ouch. That's very unfortunate, particularly as one of the ports that ActiveMQ listens on (33689 in the above netstat output) bounces around. If there is no way to lock those listens down to localhost (without editing the ActiveMQ source, anyway...), then is there any way to lock all of the ports down (so that they don't change), so that I can just firewall only those ports? I have nearly all of them locked down, only that 33689 one bounces around (it changes with every restart of ActiveMQ) -- can anyone tell me what it is and how I can force it to be predictable? Thanks. -- View this message in context: http://old.nabble.com/Bind-only-to-localhost-private-network-tp29526752p29527128.html Sent from the ActiveMQ - User mailing list archive at Nabble.com.