From 0d9dc51128cd99dd0bc889ea2ba5c2886f646ad4 Mon Sep 17 00:00:00 2001
From: lau90eth <lerobb2@gmail.com>
Date: Wed, 28 Jan 2026 09:42:59 +0100
Subject: [PATCH] chore(security): comment out public P2P ports 30303 TCP/UDP
 in execution service to reduce attack surface

---
 docker-compose.yml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index fc7cebe1d..ac1bcb0b2 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -5,11 +5,11 @@ services:
       dockerfile: ${CLIENT:-geth}/Dockerfile
     restart: unless-stopped
     ports:
-      - "8545:8545" # RPC
-      - "8546:8546" # websocket
-      - "7301:6060" # metrics
-      - "30303:30303" # P2P TCP
-      - "30303:30303/udp" # P2P UDP
+      - "8545:8545"   # RPC
+      - "8546:8546"   # websocket
+      - "7301:6060"   # metrics
+      # - "30303:30303"     # P2P TCP   (commented out for security: avoid public exposure by default)
+      # - "30303:30303/udp" # P2P UDP   (commented out for security: avoid public exposure by default)
     command: ["bash", "./execution-entrypoint"]
     volumes:
       - ${HOST_DATA_DIR}:/data