Jenkins listens on weird ports

I use Centos 6.5 and Jenkins 1.547. I installed Jenkins as outlined in Jenkins's wiki.

I configured Jenkins to listen on local port 8081.

netstat -tulpn reveals that Jenkins additionally listens on more ports (PID 981 being the running Jenkins process):

$ netstat -tulpn | grep 981

tcp        0      0 :::41613                    :::*                        LISTEN      981/java
tcp        0      0 ::ffff:127.0.0.1:8081       :::*                        LISTEN      981/java
tcp        0      0 :::43586                    :::*                        LISTEN      981/java
udp        0      0 :::33848                    :::*                                    981/java
udp        0      0 :::5353                     :::*                                    981/java

I am wondering about the purpose of those additional ports. Also, these ports are reachable from the outside, i.e. an outside nmap scan shows these ports being open.

How can I configure Jenkins to only listen on local port 8081?


There is an open issue in Jenkin's bugtracker which outlines the steps to follow in order to close all undesired ports:

  • In Jenkins' web interface, under DashboardManage JenkinsConfigure SystemSSH Server, select Disable.
  • In Jenkins' web interface, under DashboardManage JenkinsConfigure Global SecurityTCP port for JNLP slave agents, select Disable.
  • Assuming Jenkins starts up via /etc/init.d/jenkins as an unprivileged user, then edit the configuration file /etc/sysconfig/jenkins, locate JENKINS_JAVA_OPTIONS and add -Dhudson.DNSMultiCast.disabled=true -Dhudson.udp=1023 (... e.g. assuming it currently reads JENKINS_JAVA_OPTIONS="-Djava.awt.headless=true", then change it to JENKINS_JAVA_OPTIONS="-Djava.awt.headless=true -Dhudson.DNSMultiCast.disabled=true -Dhudson.udp=1023")