I don't know who needs to hear this, but DO NOT EVER expose Jellyfin to the internet

Scary le Poo@beehaw.org · 11 days ago

I don't know who needs to hear this, but DO NOT EVER expose Jellyfin to the internet

𝓔𝓶𝓶𝓲𝓮@lemm.ee · edit-2 11 days ago

I think you can IP whitelist who can access it no? That should solve any problems

There is zero (0) chance of an attacker to know and then spoof address of your friend unless you have even bigger problems. Good filter should simply not respond to any packets making very existence of exploitable site undetectable.

jherazob@beehaw.org · 10 days ago

Wrong use case, the expected one is friends and family watching stuff on your Jellyfin server from different homes, potentially through mobile, all with dynamic IPs

unbuckled@lemm.ee · 10 days ago

Perfect use for allowlisting based on dynamic DNS hostnames.

ReversalHatchery@beehaw.org · 10 days ago

is that a feature in Jellyfin? and since when do all ISP subscribers have names in DNS?

unbuckled@lemm.ee · 10 days ago

You would set up the allowlist in your firewall. There are plenty of free options for dynamic DNS though not from any ISPs that I’m aware of.

ReversalHatchery@beehaw.org · 10 days ago

oh, in your firewall. I think I can count the percents on one hand about how much of jellyfin users run a firewall applience besides it

I don't know who needs to hear this, but DO NOT EVER expose Jellyfin to the internet

I don't know who needs to hear this, but DO NOT EVER expose Jellyfin to the internet

Collection of potential security issues in Jellyfin · Issue #5415 · jellyfin/jellyfin