Graph node listens on all interfaces by default

[crypt1d]

Do you want to request a feature or report a bug?
bug

What is the current behaviour?
Graph node listens on all interfaces (0.0.0.0) by default. This includes the admin endpoint, as well as the http/ws API and the metrics endpoint.

If the current behaviour is a bug, please provide the steps to reproduce and if possible a minimal demo of the problem.
Start the node.

What is the expected behaviour?
Graph node should listen only on localhost by default. It should be possible to specify the interface:port combination in the parameters for various endpoints. Currently one can only specify the port to listen on.

Listening on all interfaces (0.0.0.0) by default is not considered a good security practice as it exposes the various sensitive parts of the node (eg admin rpc interface) to the public.

+1 for this

But I assume you should setup any firewall application and open specific ports to prevent any kind of DDOS.

Building a reverse-proxy with nginx and communicating with only nginx will be the best practice for production use.