Reputation: 43
I installed cassandra as a service on Ubuntu. Test Cluster is accessible on 127.0.0.1:9042. I want to restrict everything related to cassandra to localhost only, nothing open to internet. Currently, this is what I see on netstat -tulpen:
udp 0 0 130.159.223.50:123 0.0.0.0:*
udp 0 0 0.0.0.0:123 0.0.0.0:*
udp6 0 0 fe80::215:5dff:fcdf:123 :::*
udp6 0 0 ::1:123 :::*
udp6 0 0 :::123 :::*
Upvotes: 1
Views: 747
Reputation: 14163
Disclaimer: What you want to achieve can be done through configuration, but for a production cluster, it should be done using a firewall.
You need to modify a number of settings in cassandra.yaml to listen only on the loopback address (127.0.0.1):
listen_address: 127.0.0.1
rpc_address: 127.0.0.1
# make sure the broadcast address is commented out
# broadcast_address: 1.2.3.4
When running nodetool you should see the node's IP as the loopback interface IP:
$ nodetool status
Datacenter: datacenter1
=======================
Status=Up/Down
|/ State=Normal/Leaving/Joining/Moving
-- Address Load Tokens Owns Host ID Rack
UN 127.0.0.1 60.62 TB 256 ? e7060cda-f99b-495c-ad55-2d380b4d452e rack1
Note: Non-system keyspaces don't have the same replication settings, effective ownership
information is meaningless
You can then verify with telnet that Cassandra is inaccessible over the public or private IP and reachable only on the loopback IP:
core:cassandra core$ telnet <external ip> 9042
Trying 134.103.x.x...
telnet: connect to address 134.103.x.x: Connection refused
telnet: Unable to connect to remote host
core:cassandra core$ telnet <internal ip> 9042
Trying 10.17.x.x...
telnet: connect to address 10.17.x.x: Connection refused
telnet: Unable to connect to remote host
core:cassandra core$ telnet 127.0.0.1 9042
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
^]
telnet> Connection closed.
Upvotes: 1
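An added check, not part of the original answer: the telnet test above covers only port 9042, so this shell function scans `netstat -tln` output for any default Cassandra port (7000, 7001, 7199, 9042, 9160) that is listening on a non-loopback address. The function name and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Default Cassandra ports: 7000 inter-node, 7001 inter-node TLS,
# 7199 JMX, 9042 CQL native transport, 9160 Thrift (older versions).
CASSANDRA_PORTS="7000 7001 7199 9042 9160"

# Reads `netstat -tln` style output on stdin and prints every local
# address:port where a Cassandra port listens on a non-loopback address.
# Prints nothing when all Cassandra listeners are loopback-only.
exposed_cassandra_listeners() {
    awk -v ports="$CASSANDRA_PORTS" '
        BEGIN { n = split(ports, p, " "); for (k = 1; k <= n; k++) want[p[k]] = 1 }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            la = $4                                  # local address column
            if (match(la, /:[0-9]+$/) == 0) next     # last colon + port
            port = substr(la, RSTART + 1)
            addr = substr(la, 1, RSTART - 1)
            if (!(port in want)) next                # not a Cassandra port
            # Loopback forms: 127.x.x.x, ::1, [::1], IPv4-mapped ::ffff:127.x.x.x
            if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]" ||
                addr ~ /^::ffff:127\./) next
            print la
        }'
}

# Constructed sample listing (not taken from the question): CQL and
# inter-node ports are loopback-only, JMX and Thrift are on wildcards.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:9042 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:7000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:7199 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp6 0 0 :::9160 :::* LISTEN
udp 0 0 0.0.0.0:123 0.0.0.0:*'

# Run the check over the sample; on a live host use:
#   netstat -tln | exposed_cassandra_listeners
printf '%s\n' "$SAMPLE_NETSTAT" | exposed_cassandra_listeners
```

Any line printed is a Cassandra listener reachable from outside the host; empty output means every Cassandra port found is bound to loopback.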