romtuck/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
961b4adc1c
openclaw/docs/gateway
History
Jamieson O'Reilly a1f9825d63
security: add mDNS discovery config to reduce information disclosure (#1882) 
* security: add mDNS discovery config to reduce information disclosure

mDNS broadcasts can expose sensitive operational details like filesystem
paths (cliPath) and SSH availability (sshPort) to anyone on the local
network. This information aids reconnaissance and should be minimized
for gateways exposed beyond trusted networks.

Changes:
- Add discovery.mdns.enabled config option to disable mDNS entirely
- Add discovery.mdns.minimal option to omit cliPath/sshPort from TXT records
- Update security docs with operational security guidance

Minimal mode still broadcasts enough for device discovery (role, gatewayPort,
transport) while omitting details that help map the host environment.
Apps that need CLI path can fetch it via the authenticated WebSocket.

* fix: default mDNS discovery mode to minimal (#1882) (thanks @orlyjamie)

---------

Co-authored-by: theonejvo <orlyjamie@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-01-26 13:32:11 +00:00
..
authentication.md docs: add /help hub and Node/npm PATH guide 2026-01-16 23:10:29 +00:00
background-process.md fix: cap pending process output 2026-01-17 08:26:12 +00:00
bonjour.md docs: align node transport with gateway ws 2026-01-22 23:10:09 +00:00
bridge-protocol.md docs: align node transport with gateway ws 2026-01-22 23:10:09 +00:00
cli-backends.md fix: preserve CLI session IDs for session resume 2026-01-25 21:09:04 +00:00
configuration-examples.md docs: update media auto-detect 2026-01-23 05:47:16 +00:00
configuration.md security: add mDNS discovery config to reduce information disclosure (#1882) 2026-01-26 13:32:11 +00:00
discovery.md docs: align node transport with gateway ws 2026-01-22 23:10:09 +00:00
doctor.md docs: align gateway service naming 2026-01-21 17:45:26 +00:00
gateway-lock.md docs: clarify multi-gateway rescue bot guidance 2026-01-15 22:10:27 +00:00
health.md docs: complete channels rename sweep 2026-01-13 08:40:39 +00:00
heartbeat.md feat: add beta googlechat channel 2026-01-24 23:30:45 +00:00
index.md fix: require gateway auth by default 2026-01-26 12:56:33 +00:00
local-models.md docs: simplify local models guidance 2026-01-13 03:26:00 +00:00
logging.md fix: improve tool summaries 2026-01-23 01:00:24 +00:00
multiple-gateways.md docs: align node transport with gateway ws 2026-01-22 23:10:09 +00:00
openai-http-api.md Gateway: disable OpenAI HTTP chat completions by default (#686) 2026-01-10 21:55:54 +00:00
openresponses-http-api.md refactor: share responses input handling 2026-01-20 08:21:57 +00:00
pairing.md docs: align node transport with gateway ws 2026-01-22 23:10:09 +00:00
protocol.md fix: enforce secure control ui auth 2026-01-21 23:58:42 +00:00
remote-gateway-readme.md docs: make remote host examples generic 2026-01-12 02:11:33 +00:00
remote.md docs: fix remaining node ws references 2026-01-22 23:22:56 +00:00
sandbox-vs-tool-policy-vs-elevated.md feat: add elevated ask/full modes 2026-01-22 05:41:11 +00:00
sandboxing.md docs: clarify sandbox env + recreate guidance 2026-01-20 15:00:25 +00:00
security.md security: add mDNS discovery config to reduce information disclosure (#1882) 2026-01-26 13:32:11 +00:00
tailscale.md fix: harden tailscale serve auth 2026-01-26 12:49:19 +00:00
tools-invoke-http-api.md fix: document tools invoke + honor main session key (#1575) (thanks @vignesh07) 2026-01-24 09:29:32 +00:00
troubleshooting.md docs: add anthropic auth error troubleshooting 2026-01-25 00:07:19 +00:00