For a standalone (non-clustered) config, this is what I use:
asadmin set configs.config.server-config.iiop-service.iiop-listener.orb-listener-1.address=127.0.0.1
asadmin set configs.config.server-config.network-config.network-listeners.network-listener.admin-listener.address=127.0.0.1
asadmin set configs.config.server-config.admin-service.jmx-connector.system.address=127.0.0.1
This leaves the default http and https listeners open (ports 8080 and 8181).
In the setup instructions I've made for my internal operations, the
following is the list of ports:
3700 is IIOP_LISTENER_PORT
4848 is ASADMIN_LISTENER_PORT
7676 is JMS_PROVIDER_PORT
8686 is JMX_SYSTEM_CONNECTOR_PORT
Port 7676 (the jms provider) is only listening on 127.0.0.1 out of the
box so it doesnt require an asadmin command.
Hope that helps!
- Phillip
On Thu, Aug 16, 2012 at 8:26 AM, Samuel Halliday <sam.halliday_at_gmail.com> wrote:
> Dear all,
>
> I was wondering if anybody has a set of asadmin commands which would configure
> an out-of-the-box glassfish to be entirely limited to ports on localhost ? (i.e. 127.0.0.1)
>
> I would also like to have full visibility of the ports which are open and
> understand why they are needed. From my perspective, the only thing that
> needs to be open is the HTTP serving port and the admin console. I want to completely restrict other ports for security reasons, using embedded service providers where
> possible.
>
> --
> Sam
>