Although currently no exploits against the GRAM gatekeeper are known (for version 1.1.3), access from `external' sources should preferably be restricted to limit exposure of the gatekeeper. The GRAM gatekeeper listens on port 2119.
