8

I just got a full node up and running, following the guide on here http://iota.partners/. I have a firewall on, so all ports are blocked except for UDP 14600 and TCP 15600.

In my iota.ini file I have this: REMOTE_LIMIT_API="removeNeighbors, addNeighbors, interruptAttachingToTangle, attachToTangle, getNeighbors"

If I understand correctly, this makes all the "dangerous" API calls only available from localhost.

Would it then be safe to open port 14265 to the public?

Bjørnar Hagen
  • 191
  • 3
  • please define what you mean by safe. If you expose it, you will get more traffic from light wallet users so it may have a negative impact on your traffic bill. But they will not be able to "take over your machine" or run any code on it, or crash it. – mihi Dec 12 '17 at 21:57
  • It was the whole "take over your machine" part I was worried about. As long as they can't do that, it's fine. Tanks for your reply! – Bjørnar Hagen Dec 12 '17 at 22:19

1 Answers1

4

Exposing your API to the public has risks, but is not necessarily a problem. Some of the risks include a higher likelihood of a Denial of Service attack, additional attempts to port-scan your IP (for example, to see if you have an open SSH port as well), etc.

Additionally, if you do expose the API to the public, you will want to limit which API calls are made available. For example, if you do not want the public to remove all of your neighbors (which you shouldn't want them to do), you'll want to remove that command using the --remote-limit-api flag.

Kevin Prow
  • 56
  • 2