From 5371fb261e4cce7d76993a95cc982bcda335bd4d Mon Sep 17 00:00:00 2001
From: Joachim Lusiardi <jlusiardi@users.noreply.github.com>
Date: Sat, 23 Jun 2018 10:04:19 +0200
Subject: [PATCH 1/2] Bind to localhost instead of all

---
 src/build_data/windows/brickd.ini | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/build_data/windows/brickd.ini b/src/build_data/windows/brickd.ini
index 2567e141..1d7138c2 100644
--- a/src/build_data/windows/brickd.ini
+++ b/src/build_data/windows/brickd.ini
@@ -23,7 +23,7 @@
 # authentication if you enabled WebSocket support.
 #
 # The default values are 0.0.0.0, 4223, 0 (disabled), 4240 and off.
-listen.address = 0.0.0.0
+listen.address = 127.0.0.1
 listen.plain_port = 4223
 listen.websocket_port = 0
 listen.mesh_gateway_port = 4240

From 3797f5a7d19d04e245cd1155d77b98b80307d324 Mon Sep 17 00:00:00 2001
From: Joachim Lusiardi <joachim@lusiardi.de>
Date: Sat, 23 Jun 2018 11:04:41 +0200
Subject: [PATCH 2/2] Change default listen address to localhost

---
 src/brickd/config_options.c                                   | 2 +-
 src/build_data/linux/installer/etc/brickd-default.conf        | 4 ++--
 src/build_data/linux/installer/etc/brickd-red-brick.conf      | 4 ++--
 .../linux/installer/usr/share/man/man5/brickd.conf.5          | 2 +-
 src/build_data/linux/installer/usr/share/man/man8/brickd.8    | 2 +-
 src/build_data/macos/installer/root/etc/brickd.conf           | 4 ++--
 src/build_data/windows/brickd.ini                             | 2 +-
 7 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/src/brickd/config_options.c b/src/brickd/config_options.c
index a2e1922c..caf55548 100644
--- a/src/brickd/config_options.c
+++ b/src/brickd/config_options.c
@@ -48,7 +48,7 @@ static const char *config_format_red_led_trigger(int value) {
 #endif
 
 ConfigOption config_options[] = {
-	CONFIG_OPTION_STRING_INITIALIZER("listen.address", 1, -1, "0.0.0.0"),
+	CONFIG_OPTION_STRING_INITIALIZER("listen.address", 1, -1, "127.0.0.1"),
 	CONFIG_OPTION_INTEGER_INITIALIZER("listen.plain_port", 1, UINT16_MAX, 4223),
 	CONFIG_OPTION_INTEGER_INITIALIZER("listen.websocket_port", 0, UINT16_MAX, 0), // default to enable: 4280
 	CONFIG_OPTION_INTEGER_INITIALIZER("listen.mesh_gateway_port", 1, UINT16_MAX, 4240),
diff --git a/src/build_data/linux/installer/etc/brickd-default.conf b/src/build_data/linux/installer/etc/brickd-default.conf
index 845411ef..95a3eb81 100644
--- a/src/build_data/linux/installer/etc/brickd-default.conf
+++ b/src/build_data/linux/installer/etc/brickd-default.conf
@@ -22,8 +22,8 @@
 # Bricks and Bricklets connected to it. We strongly recommend that you enable
 # authentication if you enabled WebSocket support.
 #
-# The default values are 0.0.0.0, 4223, 0 (disabled), 4240 and off.
-listen.address = 0.0.0.0
+# The default values are 127.0.0.1, 4223, 0 (disabled), 4240 and off.
+listen.address = 127.0.0.1
 listen.plain_port = 4223
 listen.websocket_port = 0
 listen.mesh_gateway_port = 4240
diff --git a/src/build_data/linux/installer/etc/brickd-red-brick.conf b/src/build_data/linux/installer/etc/brickd-red-brick.conf
index 63722f55..95088070 100644
--- a/src/build_data/linux/installer/etc/brickd-red-brick.conf
+++ b/src/build_data/linux/installer/etc/brickd-red-brick.conf
@@ -22,8 +22,8 @@
 # Bricks and Bricklets connected to it. We strongly recommend that you enable
 # authentication if you enabled WebSocket support.
 #
-# The default values are 0.0.0.0, 4223, 0 (disabled), 4240 and off.
-listen.address = 0.0.0.0
+# The default values are 127.0.0.1, 4223, 0 (disabled), 4240 and off.
+listen.address = 127.0.0.1
 listen.plain_port = 4223
 listen.websocket_port = 0
 listen.mesh_gateway_port = 4240
diff --git a/src/build_data/linux/installer/usr/share/man/man5/brickd.conf.5 b/src/build_data/linux/installer/usr/share/man/man5/brickd.conf.5
index d8f2405b..f5ff8fec 100644
--- a/src/build_data/linux/installer/usr/share/man/man5/brickd.conf.5
+++ b/src/build_data/linux/installer/usr/share/man/man5/brickd.conf.5
@@ -44,7 +44,7 @@ connections.
 binds a plain TCP/IP socket and a WebSocket to this address to listen for
 incoming plain TCP/IP and WebSocket connections. The address can either be a
 dotted-decimal IPv4 address or a hexadecimal IPv6 address. It can also be a
-hostname such as \fIlocalhost\fR. The default value is \fI0.0.0.0\fR.
+hostname such as \fIlocalhost\fR. The default value is \fI127.0.0.1\fR.
 .IP "\fBlisten.plain_port\fR" 4
 The port number to listen to for incoming plain TCP/IP connections. The default
 value is \fI4223\fR.
diff --git a/src/build_data/linux/installer/usr/share/man/man8/brickd.8 b/src/build_data/linux/installer/usr/share/man/man8/brickd.8
index e0dc29fa..f57ab000 100644
--- a/src/build_data/linux/installer/usr/share/man/man8/brickd.8
+++ b/src/build_data/linux/installer/usr/share/man/man8/brickd.8
@@ -22,7 +22,7 @@ available for various programming languages.
 Bricks connected to USB are identified using their vendor ID (16D0) and product
 IDs (063D and 09E5).
 .PP
-By default, brickd binds to 0.0.0.0 (IPv4) and listens on port 4223 for
+By default, brickd binds to 127.0.0.1 (IPv4) and listens on port 4223 for
 incoming TCP/IP connections. Listening for incoming WebSocket connections is
 disabled by default for security reasons. The bind address (IPv4 or IPv6),
 listen ports, dual-stack operation and WebSocket support can be configured in
diff --git a/src/build_data/macos/installer/root/etc/brickd.conf b/src/build_data/macos/installer/root/etc/brickd.conf
index 845411ef..95a3eb81 100644
--- a/src/build_data/macos/installer/root/etc/brickd.conf
+++ b/src/build_data/macos/installer/root/etc/brickd.conf
@@ -22,8 +22,8 @@
 # Bricks and Bricklets connected to it. We strongly recommend that you enable
 # authentication if you enabled WebSocket support.
 #
-# The default values are 0.0.0.0, 4223, 0 (disabled), 4240 and off.
-listen.address = 0.0.0.0
+# The default values are 127.0.0.1, 4223, 0 (disabled), 4240 and off.
+listen.address = 127.0.0.1
 listen.plain_port = 4223
 listen.websocket_port = 0
 listen.mesh_gateway_port = 4240
diff --git a/src/build_data/windows/brickd.ini b/src/build_data/windows/brickd.ini
index 1d7138c2..f89eb3fc 100644
--- a/src/build_data/windows/brickd.ini
+++ b/src/build_data/windows/brickd.ini
@@ -22,7 +22,7 @@
 # Bricks and Bricklets connected to it. We strongly recommend that you enable
 # authentication if you enabled WebSocket support.
 #
-# The default values are 0.0.0.0, 4223, 0 (disabled), 4240 and off.
+# The default values are 127.0.0.1, 4223, 0 (disabled), 4240 and off.
 listen.address = 127.0.0.1
 listen.plain_port = 4223
 listen.websocket_port = 0