As noted in Debian bug #578068, in this day and age, a single-player game shouldn't by default cause a listening port to be opened on a machine's public network interfaces.

Probably many people are saved by being behind NAT, but if/when IPv6 actually happens it may become more of an issue. Not to mention, say, netbooks on public Wi-Fi networks without firewalls.

Best would be to use something like Unix domain sockets as suggested in the Debian bug -- done right, this would keep servers on multiuser machines safe from other users -- but that's a lot of work and we'd need another solution for Windows. Staying with TCP but binding to the localhost interface seems like a "good enough" solution that will work for all the platforms we support.

It feels like this should be as simple as specifying a "--bind" argument to the spawned server. However, it's just the kind of change that will expose some platform-dependent networking issue and embarrassingly break single-player mode for someone. So I'm wary of trying to fix it in 2.3.x.

There are some users who use the client-spawned server as a LAN server (e.g., in this forum thread, and one other I can't find now). This change will break that usage pattern. It's not something we'd recommend anyway -- if the relevant client dies, it'll take down the server -- but we might nevertheless want to consider an option to choose the bound interface for client-spawned servers.