So, as a test, I created a user with NO webmin permissions, only remote RPC. And, it updated DNS. Meaning, anyone on the internet could if those ports are open on my firewall (which they are). I am not so sure this is a good thing, but the obvious solution is to make sure your firewall only accepts RPC calls from the correct master IP. Which I have done now.
I believe they follow the main port.
--
Check out the forum guidelines!
And you would be correct, they DO follow.
So, as a test, I created a user with NO webmin permissions, only remote RPC. And, it updated DNS. Meaning, anyone on the internet could if those ports are open on my firewall (which they are). I am not so sure this is a good thing, but the obvious solution is to make sure your firewall only accepts RPC calls from the correct master IP. Which I have done now.
Is this a bug???
Except it's not a big deal since they would have to have the user and password. So, as long as not plain text, one is fine. Forgot about that. Doh!