
#21784: fix(security): restrict gateway ports to loopback by default

by smilekyra open 2026-02-20 10:58
docker size: S
## Summary

- Change Docker port mappings from `0.0.0.0` to `127.0.0.1` to prevent unintended LAN exposure
- Change default `--bind` value from `lan` to `loopback` when `OPENCLAW_GATEWAY_BIND` is not set

## Motivation

By default, the Gateway was binding to all network interfaces (`0.0.0.0`), making it reachable by any device on the local network. For a personal AI assistant running locally, loopback-only is the safer default — users who need LAN access can explicitly set `OPENCLAW_GATEWAY_BIND=lan`.

This aligns with the guidance in `SECURITY.md`:

> Recommended: keep the Gateway loopback-only (127.0.0.1 / ::1).

## Test plan

- [ ] Gateway starts and is accessible at `127.0.0.1:18789` locally
- [ ] Gateway is not reachable from other devices on the LAN by default
- [ ] Setting `OPENCLAW_GATEWAY_BIND=lan` restores previous LAN-accessible behaviour

🤖 Generated with [Claude Code](https://claude.com/claude-code)

### Greptile Summary

Changed Docker port bindings from `0.0.0.0` (implicit) to `127.0.0.1` (explicit loopback) and updated default `--bind` from `lan` to `loopback`, aligning with SECURITY.md guidance.

- Restricted port mappings to loopback interface for security
- Changed default bind mode to loopback in docker-compose command
- Added notion skills volume mount (unrelated to security fix)
- Documentation at `docs/install/docker.md:326` needs updating to reflect new default

### Confidence Score: 4/5

- This PR improves security posture with minimal risk by restricting network exposure to loopback by default
- The security changes align well with existing codebase defaults (`src/cli/gateway-cli/run.ts:226` and `src/macos/gateway-daemon.ts:102` already default to loopback). Port binding changes follow Docker best practices. One unrelated change (notion skills mount) and outdated documentation slightly reduce confidence.
- No files require special attention - changes are minimal and well-scoped

Last reviewed commit: 9be369d
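As an added example (not code from this PR or the OpenClaw project): a small audit of docker-compose short-syntax port mappings that reports which ones fall back to Docker's implicit `0.0.0.0` host interface, the exposure this PR removes. The `BEFORE`/`AFTER` lists are constructed to mirror the shape of the change on port 18789; the function names are assumptions.

```python
import re
from dataclasses import dataclass

# docker-compose short port syntax:
#   [host_ip:]host_port[-range]:container_port[-range][/protocol]
# or a bare container_port. host_ip may be a bracketed IPv6 literal.
_PORT_RE = re.compile(
    r"^(?:(?P<ip>\[[^\]]+\]|\d{1,3}(?:\.\d{1,3}){3}):)?"
    r"(?:(?P<host>\d+(?:-\d+)?):)?"
    r"(?P<container>\d+(?:-\d+)?)"
    r"(?:/(?P<proto>tcp|udp))?$"
)


@dataclass
class Finding:
    mapping: str
    host_ip: str   # interface the host side binds to
    exposed: bool  # True when reachable beyond loopback


def host_interface(mapping: str) -> str:
    """Return the host IP a mapping binds to; Docker uses 0.0.0.0 when none is given."""
    m = _PORT_RE.match(mapping.strip())
    if not m:
        raise ValueError(f"unrecognised port mapping: {mapping!r}")
    return m.group("ip") or "0.0.0.0"


def is_loopback(ip: str) -> bool:
    return ip.startswith("127.") or ip == "[::1]"


def audit_ports(mappings):
    """Classify every mapping as loopback-only or exposed to other interfaces."""
    out = []
    for p in mappings:
        ip = host_interface(p)
        out.append(Finding(p, ip, not is_loopback(ip)))
    return out


def exposed_mappings(mappings):
    return [f.mapping for f in audit_ports(mappings) if f.exposed]


# Constructed samples (not taken from the PR's diff): implicit-0.0.0.0 mapping
# versus the explicit loopback form this PR switches to.
BEFORE = ["18789:18789"]
AFTER = ["127.0.0.1:18789:18789"]

if __name__ == "__main__":
    for label, ports in (("before", BEFORE), ("after", AFTER)):
        print(label, exposed_mappings(ports))
```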
