We’re dealing with a large vendor-provided application, which runs a multitude of Java processes on a multitude of servers. Each of these processes has JMX functionality enabled and open to remote connections… This cannot be outright disabled, because different components talk to each other through JMX, across different computers.
We’d like to mitigate this openness by limiting the JMX ports to a port range — then blocking this range to connections from IPs outside the cluster running the application by using either a firewall or Java Security Manager.
The com.sun.management.jmxremote.port property allows setting the port to be used by JMX, but it appears to accept only a single port number — not a range — which makes it unsuitable for our situation, where multiple processes need to listen on the same computer.
Is there some other means that can limit the port range used by JMX functionality?
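
One way to get the effect described in the question, as an added example that is not part of the original post: give each Java process on a host its own slot in a reserved range, pin both JMX ports to that slot, and print the matching firewall rules for review. It assumes the vendor's launch scripts allow extra JVM flags and a JDK that supports `com.sun.management.jmxremote.rmi.port`; the range, slot scheme, subnet and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. JMX_BASE, JMX_COUNT and CLUSTER_CIDR are constructed values.
JMX_BASE=9010             # first port of the reserved range (assumption)
JMX_COUNT=10              # Java processes allowed per host (assumption)
CLUSTER_CIDR=10.0.0.0/24  # addresses of the cluster nodes (assumption)

# Print the JVM flags for the process in slot $1 (0-based) on this host.
# Both the RMI registry port and the RMI server port are pinned to the same
# number; without the second flag the server object listens on a random
# port, which would fall outside the range the firewall allows.
jmx_flags() {
    slot=$1
    case $slot in
        ''|*[!0-9]*|0[0-9]*) echo "invalid slot: '$slot'" >&2; return 1 ;;
    esac
    if [ "$slot" -ge "$JMX_COUNT" ]; then
        echo "slot $slot is outside the ${JMX_COUNT}-port range" >&2
        return 1
    fi
    port=$((JMX_BASE + slot))
    printf '%s %s\n' \
        "-Dcom.sun.management.jmxremote.port=$port" \
        "-Dcom.sun.management.jmxremote.rmi.port=$port"
}

# Print (do not apply) iptables rules that admit the range from cluster
# nodes only and drop every other source.
jmx_firewall_rules() {
    last=$((JMX_BASE + JMX_COUNT - 1))
    printf 'iptables -A INPUT -p tcp --dport %s:%s -s %s -j ACCEPT\n' \
        "$JMX_BASE" "$last" "$CLUSTER_CIDR"
    printf 'iptables -A INPUT -p tcp --dport %s:%s -j DROP\n' \
        "$JMX_BASE" "$last"
}
```

The flags can be appended to a process's existing options, for example `java $(jmx_flags 3) ...`; the authentication and TLS settings already in the vendor configuration are left untouched.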