Problem
Greyproxy currently binds every listener to all interfaces (0.0.0.0) out of the box:
| Service | Default addr | Bind |
| --- | --- | --- |
| Dashboard / REST API | `:43080` | all interfaces |
| HTTP proxy | `:43051` | all interfaces |
| SOCKS5 proxy | `:43052` | all interfaces |
| DNS proxy (UDP+TCP) | `:43053` | all interfaces |
| Profiling (when enabled) | `:6060` | all interfaces |
In Go, a bare port such as `:43080` is the empty-host form of the address, and `net.Listen("tcp", ":PORT")` (and `net.ListenPacket` for the DNS UDP listener) treats it as the unspecified address, so the socket accepts connections on every interface, IPv6 included on dual-stack hosts. On a laptop on a coffee-shop Wi-Fi or any LAN, this exposes:
- An open HTTP/SOCKS5 forward proxy that strangers can use to relay traffic.
- A DNS resolver usable for amplification or interception.
- The management dashboard and REST API, which can edit rules, see/approve pending requests, view request history (with bodies), and manipulate credentials.
The README already says "The dashboard will be available at http://localhost:43080" — the intent was clearly loopback-only, but the implementation never enforced it.
Proposed change
- Default to `127.0.0.1` for every listener written as a bare port (`:43080`).
- Add a `--host <ip>` flag to `greyproxy serve` and a top-level `host:` YAML field. IP literals only (hostnames rejected, matching `redis --bind`, `postgres listen_addresses`, etc.).
- Precedence: CLI flag > YAML > built-in `127.0.0.1`.
- Log a WARN at startup when the operator opts into an unspecified bind (`0.0.0.0` / `::`).
- Backward-compatible: addresses already carrying a host (e.g. `0.0.0.0:43080`, `192.168.1.10:43080`) are left alone.
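As an added example of the proposed behaviour (this is not Greyproxy's code; the function names, the `defaultListeners` map and the WARN wording are assumptions for illustration), the host resolution, the IP-literal-only check, the bare-port rewrite and the unspecified-bind warning can be implemented in Go like this:

```go
package main

import (
	"fmt"
	"log"
	"net"
)

// Built-in fallback proposed in the issue (assumed constant name).
const builtinHost = "127.0.0.1"

// Listener defaults from the table above (assumed map; the real config
// layout may differ). A bare port is exactly the form that net.Listen
// and net.ListenPacket treat as "all interfaces".
var defaultListeners = map[string]string{
	"dashboard": ":43080",
	"http":      ":43051",
	"socks5":    ":43052",
	"dns":       ":43053",
	"pprof":     ":6060",
}

// ParseBindHost accepts IP literals only. A hostname such as "localhost"
// is rejected so the bind address never depends on getaddrinfo ordering
// (the ::1-vs-127.0.0.1 problem flagged in the notes).
func ParseBindHost(s string) (net.IP, error) {
	ip := net.ParseIP(s)
	if ip == nil {
		return nil, fmt.Errorf("bind host %q is not an IP literal (hostnames are not allowed)", s)
	}
	return ip, nil
}

// ResolveBindHost applies the precedence CLI flag > YAML field > built-in.
// An empty string means "not set" at that layer.
func ResolveBindHost(cliHost, yamlHost string) (string, error) {
	for _, candidate := range []string{cliHost, yamlHost} {
		if candidate == "" {
			continue
		}
		if _, err := ParseBindHost(candidate); err != nil {
			return "", err
		}
		return candidate, nil
	}
	return builtinHost, nil
}

// ApplyBindHost rewrites a bare-port address (":43080") to host:port.
// Addresses that already name a host are returned unchanged, which is
// what keeps existing configs such as "0.0.0.0:43080" working.
func ApplyBindHost(addr, host string) (string, error) {
	h, port, err := net.SplitHostPort(addr)
	if err != nil {
		return "", fmt.Errorf("listener address %q: %w", addr, err)
	}
	if h != "" {
		return addr, nil
	}
	// JoinHostPort brackets IPv6 literals: ("::", "43053") -> "[::]:43053".
	return net.JoinHostPort(host, port), nil
}

// IsUnspecifiedBind reports whether host is 0.0.0.0 or ::, i.e. an explicit
// opt-in to listening on every interface that deserves a startup warning.
func IsUnspecifiedBind(host string) bool {
	ip := net.ParseIP(host)
	return ip != nil && ip.IsUnspecified()
}

// EffectiveListeners returns the address each service would actually bind
// under the given CLI/YAML settings, logging the WARN when appropriate.
func EffectiveListeners(cliHost, yamlHost string) (map[string]string, error) {
	host, err := ResolveBindHost(cliHost, yamlHost)
	if err != nil {
		return nil, err
	}
	if IsUnspecifiedBind(host) {
		log.Printf("WARN: binding all listeners to %s; proxies, DNS and dashboard are reachable from the network", host)
	}
	out := make(map[string]string, len(defaultListeners))
	for name, addr := range defaultListeners {
		bound, err := ApplyBindHost(addr, host)
		if err != nil {
			return nil, err
		}
		out[name] = bound
	}
	return out, nil
}

func main() {
	for _, tc := range [][2]string{{"", ""}, {"", "0.0.0.0"}, {"::1", "0.0.0.0"}} {
		ls, err := EffectiveListeners(tc[0], tc[1])
		if err != nil {
			log.Fatal(err)
		}
		fmt.Printf("cli=%q yaml=%q -> dashboard %s, dns %s\n", tc[0], tc[1], ls["dashboard"], ls["dns"])
	}
	if _, err := ResolveBindHost("localhost", ""); err != nil {
		fmt.Println("rejected:", err)
	}
}
```

Note that the rewrite only touches the empty-host case, so an operator who already wrote `0.0.0.0:43080` keeps the network-wide bind they asked for and still gets the WARN only if they set `--host`/`host:` to an unspecified address; extending the warning to pre-existing unspecified addresses would be a separate decision.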
Notes
- Greywall companion stays compatible: on Linux its socat bridge already targets `127.0.0.1:<port>` literally; on macOS `sandbox-exec` rules resolve `localhost`, which maps to `127.0.0.1`. Confirmed by reading the greywall source.
- Edge case worth flagging in the release notes: macOS DNS UDP through socat could pick `::1` first via getaddrinfo. Recommended belt-and-suspenders follow-up in greywall: switch defaults from `localhost:<port>` to `127.0.0.1:<port>`.
PR to follow.