[collectd] Safety for exposing a collectd network listening port to internet

elliot.li.tech at gmail.com elliot.li.tech at gmail.com
Wed Jan 16 16:35:36 CET 2019

On 1/15/19 1:59 PM, Ricardo J. Barberis wrote:
> El Martes 15/01/2019 a las 17:30, elliot.li.tech at gmail.com escribió:
>> Is it safe to expose a collectd network listening port to the internet?
>> I will have other machines running collectd and sending data to this
>> listener over the internet. I'll enable signature and encryption.
>> I've searched the CVE database for collectd and only found two
>> vulnerabilities (CVE-2016-6254, CVE-2017-7401) that seem remotely
>> exploitable. For now I have the impression that the network parsing part
>> of collectd seems safe.
>> Any comments are welcome. Thank you!
> The obvious, but I'd also filter via iptables/ip6tables which IPs can connect
> to collectd's port, just to be on the safe side.

I could. But I'm accepting incoming connections from users that move 
around, so I wouldn't be able to restrict the IPs too much.


More information about the collectd mailing list