Closed firefart closed 9 months ago
Seems feasible but I'm wondering how to resolve the behavior with `--gateway` + `--allow`, which achieve the same thing but with filtering done once connected at the app level instead of at the IP level. If `--listen` has multiple entries, `--allow` will still make it possible to restrict access to specific subnets on that interface. Also, `--gateway` is more resilient to host IP changes, whereas explicit `--listen` values will need to be changed if the host IP changes. You could call it more secure and inconvenient - just how "more secure" typically ends up being.
This is fixed in v0.9.0 still in development - see branch.
v0.9.0 has been released.
Currently the `listen` option only allows one IP to listen on. Would it be possible to also separate them by comma and start multiple instances of `ThreadedTCPServer`? This would make it possible to listen on multiple interfaces, for example localhost and some specific docker interfaces. Currently it's only possible to listen on 0.0.0.0 and work around this issue with allowlists, but I would prefer px not to be reachable from outside at all (without a need for a local firewall).
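The approach the issue asks for, sketched as an added example (not px's own code): a comma-separated `--listen` value is validated into a list of addresses and one `ThreadingTCPServer` is bound per address, so the proxy is only reachable on the listed interfaces rather than on 0.0.0.0. The function names, the `EchoHandler` stand-in and the multi-server helpers are hypothetical and chosen for this example.

```python
import ipaddress
import socket
import socketserver
import threading


def parse_listen(value):
    """Split a comma-separated --listen value into validated IP literals.

    Whitespace is stripped and empty entries dropped; an entry that is not a
    valid IPv4/IPv6 address raises ValueError instead of silently binding wide.
    """
    addrs = []
    for entry in value.split(","):
        entry = entry.strip()
        if entry:
            addrs.append(str(ipaddress.ip_address(entry)))
    return addrs


class EchoHandler(socketserver.BaseRequestHandler):
    """Stand-in handler (hypothetical); px would install its proxy handler."""

    def handle(self):
        self.request.sendall(self.request.recv(4096))


def start_servers(addrs, port, handler=EchoHandler):
    """Bind one ThreadingTCPServer per address, each served by a daemon thread."""
    servers = []
    for addr in addrs:
        # Each instance binds only its own address, never 0.0.0.0 / ::.
        family = socket.AF_INET6 if ":" in addr else socket.AF_INET
        cls = type("PerAddrServer", (socketserver.ThreadingTCPServer,),
                   {"address_family": family, "allow_reuse_address": True,
                    "daemon_threads": True})
        srv = cls((addr, port), handler)
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        servers.append(srv)
    return servers


def stop_servers(servers):
    for srv in servers:
        srv.shutdown()
        srv.server_close()


def echo_roundtrip(server, payload):
    """Connect to one bound server and return what it sends back."""
    with socket.create_connection(server.server_address[:2], timeout=5) as s:
        s.sendall(payload)
        return s.recv(len(payload))
```

Port 0 lets the OS pick a free port, which is handy for checking the binding without clashing with a running px instance.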