
Proposal to bind gRPC API to localhost by default #2669

Open. wants to merge 5 commits into base: master

Conversation

pavel-odintsov
Contributor

Hello!

I just pulled the latest gRPC 3.15.0 and noticed that it binds gRPC to 0.0.0.0 / :: by default and exposes the API to the wild world of the Internet:

tcp6       0      0 :::50051                :::*                    LISTEN      3234326/./gobgpd    

As you can see, I did not use any arguments or options for it. I'm pretty sure that the majority of new deployments start in a similar way, and they will be vulnerable to attacks and insecure by default.

We discussed this issue a while ago, and it was partially addressed here by providing a command line argument to specify the API bind host (--api-hosts="::1"): #796

In this PR I changed the default wildcard bind ::, which listens on all available interfaces, to the more specific IPv6 localhost ::1, which makes GoBGP secure by default.

Some may argue that not all servers have IPv6 connectivity, but IPv6 localhost is available on all modern distributions.

Thank you!

@fujita
Member

fujita commented Jul 1, 2023

This is a big change since GoBGP accepts any from day one. But I guess that the more secure default configuration is better. So I could merge this with the major version updated.
I guess that you need to fix some tests since they depend on this behavior.

@robbat2

robbat2 commented Jan 29, 2024

Query: how to correctly specify binding to both ::1 and 127.0.0.1?

Systems where IPv6 is disabled via net.ipv6.conf.all.disable_ipv6=1 won't have ::1.
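One way to handle the two points raised in this thread (a loopback-only default, and a host list such as "::1,127.0.0.1" that still works when IPv6 is disabled), as an added example that is not GoBGP's own code: it assumes a comma-separated host string in the shape of the --api-hosts option and uses only the Go standard library, not gRPC itself.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// planBind parses a comma-separated host list (the shape of the
// --api-hosts option) and returns the addresses to bind plus
// warnings for anything reachable beyond the local machine.
func planBind(hosts string) (addrs []string, warnings []string) {
	for _, h := range strings.Split(hosts, ",") {
		h = strings.TrimSpace(h)
		ip := net.ParseIP(h)
		switch {
		case h == "":
			continue
		case ip == nil:
			warnings = append(warnings, h+": not an IP literal, skipped")
			continue
		case ip.IsUnspecified():
			warnings = append(warnings, h+": wildcard bind exposes the API on every interface")
		case !ip.IsLoopback():
			warnings = append(warnings, h+": non-loopback bind, reachable from the network")
		}
		addrs = append(addrs, h)
	}
	return addrs, warnings
}

// listenAll binds port on each address; a family that is unavailable
// (e.g. ::1 with net.ipv6.conf.all.disable_ipv6=1) is skipped, so
// "::1,127.0.0.1" still yields a loopback listener without IPv6.
func listenAll(addrs []string, port int) ([]net.Listener, error) {
	var ls []net.Listener
	var errs []string
	for _, a := range addrs {
		l, err := net.Listen("tcp", net.JoinHostPort(a, fmt.Sprint(port)))
		if err != nil {
			errs = append(errs, err.Error())
			continue
		}
		ls = append(ls, l)
	}
	if len(ls) == 0 {
		return nil, fmt.Errorf("no API address could be bound: %s", strings.Join(errs, "; "))
	}
	return ls, nil
}
```

Each returned listener can be handed to a gRPC server's Serve; the error is only raised when none of the requested addresses could be bound.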
