Software: Non-altered 64-bit linux binary 0.9.2.1 bitcoind verified sha256sum and checked that the sha256sum file had a legit pgp signature.
Content of bitcoin.conf:
server=1
rpcuser=user
rpcpassword=pass
rpcallowip=127.0.0.1
logtimestamps=1
alertnotify=echo %s | mail -s "Bitcoin Alert" [email protected]
maxconnections=5
Bitcoind is started with:
With the above configuration, a portmap scan from another machine revealed:
nmap -v4 -Pn -p 8332 ipofbitcoinnode
8332/tcp open unknown
I then altered the config file, shut down and restarted the bitcoin node:
rpcuser=user
rpcpassword=pass
logtimestamps=1
alertnotify=echo %s | mail -s "Bitcoin Alert" [email protected]
maxconnections=5
$ nmap -v4 -Pn -p 8332-8333 ipofbitcoinnode
PORT STATE SERVICE
8332/tcp closed unknown
8333/tcp open unknown
The question is: In the first configuration, should not rpc-port 8332
only be accessible to localhost (127.0.0.1) and all others be blocked by default? I can't see a
rpcdisallowip or similar configuration flag exist. And it seems that setting
server=1 overrides
rpcallowip=127.0.0.1?
I think that for security reasons, when
server=1 is set in bitcoin.conf or given on the command line as
-server when starting bitcoind, who can connect to the node should be explicitly needed to configured. For example by introducing a new parameter like
rpcdisallowip.
When
server=1 i propose that the following should hold true:
rpcdisallowip by default is set to
ALL as in 'Deny All'
rpcallowip by default is set to
127.0.01, localhost. (perhaps also bitcoind upon start should print a warning if
server=1 explaining that rpc server is active, and that it only accepts connections from localhost, and you need to use the
rpcdisallowip and
rpcallowip config settings to alter the default behaviour.
The reason I think this is important, is that someone not too experienced might set
server=1 and
rpcallowip=127.0.0.1 in their bitcoin.conf, and think they're all good to go, while in reality they've opened up themselves to the entire internet.
I think that
rpcallowip should override
rpcdisallowip.
Example:
rpcdisallowip=ALL
rpcallowip=127.0.0.1,222.222.222.222
It should mean that only 127.0.0.1 and 222.222.222.222 can connect to rpc port 8332.
(but perhaps it would be smarter to do it the other way around, so that you always was sure that if you disallowed some ip, that would always be the authoritative setting? Not sure what the best practice here is. But I guess other software like apache, sshd etc. already has this pretty much figured out.
The problem is though if
rpcdisallowip is authorative and sett to
ALL, then no matter what you did with
rpcallowip would have any effect, so the best thing I would think would be to see how other established open source projects has solved rule based access.
However, I might be completely off with my thinking, and this being a complete non-issue, so I'm interested in seeing what others think of this. But currently, how do you prevent everybody from accessing port 8332 when setting
server=1 and there being no
BLOCK ALL default rule? I can see using iptables or other software to set rules, but I do think it should be possible to set this in bitcoind.