Docker bypasses ufw and exposes 0.0.0.0-bound ports directly via iptables DNAT rules, even when ufw default policy is deny. Bind every service port to 127.0.0.1 so only nginx (and SSH tunnels for wizard) can reach them from outside.
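One way to audit Compose `ports` entries for the exposure described above, as an added example (not code from the original page): it resolves the host address each entry binds to and reports any that is not loopback. The service names and port numbers are constructed, and the check assumes the Docker daemon's default bind address has not been changed from all interfaces.

```python
import ipaddress

# Constructed sample: service -> "ports" entries as they would appear in a
# Compose file. Service names and port numbers are illustrative only.
SAMPLE_PORTS = {
    "api":     ["8000:8000"],                    # no IP given: all interfaces
    "wizard":  ["127.0.0.1:9000:9000/tcp"],      # loopback only
    "db":      ["0.0.0.0:5432:5432"],            # explicit wildcard
    "metrics": ["[::1]:9100:9100", 9101],        # IPv6 loopback + bare port
    "cache":   [{"target": 6379, "published": 6379, "host_ip": "127.0.0.1"}],
}


def host_bind_address(entry):
    """Return the host IP that one Compose `ports` entry is published on."""
    if isinstance(entry, dict):                  # long syntax: host_ip is optional
        return entry.get("host_ip") or "0.0.0.0"
    spec = str(entry).strip().split("/", 1)[0]   # drop a /tcp or /udp suffix
    if spec.startswith("["):                     # bracketed IPv6 host address
        return spec[1:].partition("]")[0]
    parts = spec.split(":")
    if len(parts) == 3:                          # IP:HOST_PORT:CONTAINER_PORT
        return parts[0]
    # "HOST:CONTAINER" or a bare container port: Docker publishes on every
    # interface (assumption: daemon default bind address is unchanged).
    return "0.0.0.0"


def exposed_ports(services):
    """List (service, entry, host_ip) for every mapping not bound to loopback."""
    findings = []
    for name, entries in services.items():
        for entry in entries:
            ip = host_bind_address(entry)
            if not ipaddress.ip_address(ip).is_loopback:
                findings.append((name, entry, ip))
    return findings


if __name__ == "__main__":
    for name, entry, ip in exposed_ports(SAMPLE_PORTS):
        print(f"{name}: {entry!r} is published on {ip}; ufw will not filter it")
```

Feed it the `ports` lists from a parsed Compose file and fail the deploy when `exposed_ports` returns anything.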