chromium browser (pepperflashplugin) opening listening ports on 0.0.0.0:5353
I noticed this issue when I check for local listening ports with ss -utln
before Google brought me here.
My first thought of disabling this is to take a look at chrome://flags
. And I found this: chrome://flags/#device-discovery-notifications
Disabling this so-called "device discovery" feature turns off listening of mDNS port 5353/tcp. You need to relaunch Chromium / Google Chrome to make this take effect.
It seems those ports are Chromium's attempt at discovering local web servers announced through the Zeroconf protocol, specifically the Multicast DNS protocol. Basically, it means that if a web server on the local network exist, Chromium will notice it and pop out a notification. This has been known to trigger warnings in Windows so it is disabled there by default, yet it is unclear how to disable this directly.
On Linux with Chrome version 56.0.2924.87 (64-bit) setting the device-discovery-notification flag to Disabled and relaunching does not disable the listening port 5353
I also tried sudo apt-get purge avahi-daemon avahi-autoipd
Also tried /opt/google/chrome/chrome --disable-device-discovery-notifications
No luck, it appears the current version of Chrome no longer honors the flag/cmd line option and always listens on the port.
Using a firewall maybe the only way to block this port.
Using a firewall may require blocking on multicast IPs as well.
How to Block Apple Bonjour on your Local Network