Docs: secure wide-area Bonjour over Tailscale

docs/bonjour.md

@@ -29,6 +29,11 @@ brew install coredns
 sudo mkdir -p /opt/homebrew/etc/coredns
 sudo tee /opt/homebrew/etc/coredns/Corefile >/dev/null <<'EOF'
 clawdis.internal:53 {
+    # Security: bind only to tailnet IPs so this DNS server is *not* reachable
+    # via LAN/Wi‑Fi/public interfaces.
+    #
+    # Replace `<TAILNET_IPV4>` / `<TAILNET_IPV6>` with this machine’s Tailscale IPs.
+    bind <TAILNET_IPV4> <TAILNET_IPV6>
     log
     errors
     file /opt/homebrew/etc/coredns/clawdis.internal.db
@@ -77,6 +82,17 @@ In the Tailscale admin console:
 
 Once clients accept tailnet DNS, Iris can browse `_clawdis-bridge._tcp` in `clawdis.internal.` without multicast.
 
+### Bridge listener security (recommended)
+
+The bridge port (default `18790`) is a plain TCP service. By default it binds to `0.0.0.0`, which makes it reachable from *any* interface on the gateway machine (LAN/Wi‑Fi/Tailscale).
+
+For a tailnet-only setup, bind it to the Tailscale IP instead:
+
+- Set `CLAWDIS_BRIDGE_HOST=<TAILNET_IPV4>` on the gateway host.
+- Restart the Gateway (or restart the macOS menubar app via `./scripts/restart-mac.sh` on that machine).
+
+This keeps the bridge reachable only from devices on your tailnet (unless you intentionally expose it some other way).
+
 ## What advertises
 
 Only the **Node Gateway** (`clawd` / `clawdis gateway`) advertises Bonjour beacons.

docs/ios/connect.md

@@ -34,6 +34,11 @@ pnpm clawdis gateway --port 18789 --verbose
 Confirm in logs you see something like:
 - `bridge listening on tcp://0.0.0.0:18790 (Iris)`
 
+For tailnet-only setups (recommended for Vienna ⇄ London), bind the bridge to the gateway machine’s Tailscale IP instead:
+
+- Set `CLAWDIS_BRIDGE_HOST=<TAILNET_IPV4>` on the gateway host.
+- Restart the Gateway / macOS menubar app.
+
 ## 2) Verify Bonjour discovery (optional but recommended)
 
 From the gateway machine: