[chrisjj]

The article says no, the default is listening to just localhost. Given the instances in question have been deliberately configured to listen on public ports, calling this misconfiguration seems somewhat unjustified.

[crimsonnoodle58]

Not true for their docker instructions which specify -p 11434:11434 instead of -p 127.0.0.1:11434:11434. [1]

Combine that with rootful docker's famous bypass of ufw and you have a publicly exposed ollama, even with a firewall. [2]

[1] https://docs.ollama.com/docker

[2] https://github.com/moby/moby/issues/4737

[chrisjj]

Ouch. Thanks.