Monitoring & Best‑Practices

Before diving into day‑to‑day metrics, remember that your node’s most valuable resource is its throughput score—and that score assumes every request reaching you is authenticated, metered, and paid for. The FlameWire gateway enforces those guarantees, but only if all other traffic is kept out. Treat the gateway as your single‑trusted ingress and everything else as potential spam or DoS. With that mindset, follow the practices below to lock down your RPC port, protect bandwidth, and keep your weight (and ALPHA rewards) healthy.

• Permit RPC traffic exclusively from the FlameWire gateway. Configure your firewall or cloud‑security group so that the node’s RPC port accepts connections only from the official gateway IP ranges. All other inbound RPC traffic must be denied.

• Bind the RPC listener to localhost or an internal interface. Expose the port to the gateway through an internal tunnel or reverse proxy, rather than publishing it openly on the public internet.

• Restrict outbound traffic to essentials. Your node should communicate only with (1) the FlameWire gateway for health checks and (2) the blockchain’s native P2P/validator ports. Blocking all other destinations prevents a compromised node from generating spam.

• Monitor for non‑gateway requests. Set alerts that trigger if any inbound RPC packets originate from IPs outside the gateway ranges; this indicates a misconfigured firewall.

Why this matters: These measures ensure your node processes only metered, authenticated calls—protecting you from bandwidth‑draining spam and safeguarding your throughput score (and therefore your ALPHA rewards).