Restrict by IP nodes allowed to connect to Event Proxy
Description
Environment
Acceptance / Success Criteria
blocks
is duplicated by
Lucidchart Diagrams
Activity
Seth Leger September 19, 2014 at 1:42 PM
The remoting was switched to use HTTP-authenticated Spring remoting during work on the remote poller application. If there are any other concerns about IP ACLs, please open new issues.
Seth Leger (community account) September 1, 2010 at 6:29 PM
has been marked as a duplicate of this bug. ***
David Hustace February 8, 2008 at 10:30 AM
I would like to resolve the issue by changing the remoting protocol to be HTTP based using either: Hessian (this would allow remote monitors to be written in other languages such as: Python, Ruby, C), Burlap, or Spring's HttpInvoker. This requires that OpenNMS is running Jetty.
DJ Gregor February 2, 2008 at 4:21 PM
More resources for the RMI bits:
http://www.java-interview.com/RMI_Interview_Questions.html
http://weblogs.java.net/blog/emcmanus/archive/2006/12/index.html
DJ Gregor February 2, 2008 at 4:07 PM
Maybe the RMI stuff can be taken care of with some options to the Spring RmiServiceExporter, like setRegistryHost and using a custom RMIServerSocketFactory with setRegistryServerSocketFactory. Note, we likely replace the need to set the java.rmi.server.hostname system property by implementing a RMIClientSocketFactory that connects to the right host.
I know that IP firewalls should be configured on the OpenNMS server to restrict connection to port 5817, however, it may be a good idea to add an IP based ACL for access to OpenNMS' TCP and UDP Event proxy. A good temporary solution is to provide a script in contrib that will modify IP tables.