Port Binding

Port binding is the process of associating a network port on a host interface with a service or container, controlling which IP addresses and protocols can reach the service.

Port binding determines two things: which port number a service listens on, and which network interface (IP address) the service is accessible from. The combination of IP address and port is called a socket.

In Docker, port binding is specified in docker-compose.yml as HOST_IP:HOST_PORT:CONTAINER_PORT. Omitting the HOST_IP (e.g., 8080:80) binds to 0.0.0.0, which means all interfaces including the public internet-facing interface. This is the most common cause of accidentally exposed services.

Interface Binding Options

0.0.0.0:8080:80 — all interfaces, publicly accessible.
127.0.0.1:8080:80 — loopback only, localhost access only.
192.168.1.x:8080:80 — specific private interface, LAN only.

Why 0.0.0.0 Is Dangerous

Services bound to 0.0.0.0 are reachable from any network interface including the public internet. Databases (Redis :6379, PostgreSQL :5432, MongoDB :27017) are frequently exposed this way via Docker without the operator realising. Combined with the Docker UFW bypass issue, these services bypass firewall protection entirely.
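
The binding rules above as an added example (not from the original page): a stdlib-only Python check that classifies docker-compose short-syntax port entries by the interface they bind and flags the database ports named above. The function names and sample entries are constructed for illustration, and `is_private` is used as an approximation of "LAN only".

```python
import ipaddress

# Database ports the page names as frequently exposed.
DB_PORTS = {6379: "Redis", 5432: "PostgreSQL", 27017: "MongoDB"}
# Constructed sample `ports:` entries, as they would appear in docker-compose.yml.
SAMPLE_PORTS = ["127.0.0.1:8080:80", "6379:6379", "192.168.1.10:5432:5432",
                "[::]:27017:27017/tcp", "9000"]

def parse_mapping(entry):
    """Split a short-syntax entry into (host_ip, host_port, container_port)."""
    spec = entry.split("/")[0]               # drop a trailing /tcp or /udp
    if spec.startswith("["):                 # bracketed IPv6 host IP: [::1]:8080:80
        ip, _, rest = spec[1:].partition("]:")
        parts = rest.split(":")
    else:
        parts = spec.split(":")
        ip = parts.pop(0) if len(parts) == 3 else None
    host_port = parts[0] if len(parts) == 2 else None  # None: Docker picks a host port
    return ip, host_port, parts[-1]

def classify(entry):
    """Return (scope, warning) for one port entry; warning is None when contained."""
    ip, _host_port, container_port = parse_mapping(entry)
    addr = ipaddress.ip_address(ip or "0.0.0.0")  # omitted HOST_IP means 0.0.0.0
    if addr.is_unspecified:                  # 0.0.0.0 or ::
        scope = "all-interfaces"
    elif addr.is_loopback:
        scope = "loopback"
    elif addr.is_private:                    # approximation; also covers link-local
        scope = "private"
    else:
        scope = "public"
    warning = None
    if scope in ("all-interfaces", "public"):
        warning = f"{entry}: binds all interfaces or a public address"
        service = DB_PORTS.get(int(container_port)) if container_port.isdigit() else None
        if service:
            warning += f" ({service} port)"
    return scope, warning

def audit(entries):
    """Collect the warnings for a list of port entries."""
    return [w for e in entries if (w := classify(e)[1])]

if __name__ == "__main__":
    for line in audit(SAMPLE_PORTS):
        print(line)
```

A bare container port such as `9000` is flagged as well, because it is published on a Docker-chosen host port with no HOST_IP restriction.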

Frequently Asked Questions

What does 0.0.0.0 port binding mean?
A service bound to 0.0.0.0 listens on all network interfaces — loopback, private LAN, and public internet. Any machine that can reach the server's public IP on that port can connect to the service.

How do I check what ports are bound to 0.0.0.0?
Run: ss -tlnp or netstat -tlnp. Look for 0.0.0.0:PORT in the Local Address column. For Docker containers, run docker ps --format 'table {{.Ports}}'.

Should databases ever bind to 0.0.0.0?
Almost never. Databases like Redis, PostgreSQL, and MongoDB should bind to 127.0.0.1 or a private network interface. Public exposure of database ports is one of the most common causes of data breaches on VPS servers.