When I first started using:
gunicorn -w 2 -b 0.0.0.0:5001 app:app
I was confused about one thing — what exactly does 0.0.0.0 mean?
At first, I thought it meant:
Public internet
Allow everyone
Some Gunicorn-specific trick
But it’s none of that.
What 0.0.0.0 Actually Means
When I bind to:
0.0.0.0:5001
I’m simply telling the OS that Attach this server to all network interfaces on this machine.
That’s it.
If my server has:
127.0.0.1(localhost)10.0.0.5(private IP)A public IP
Then binding to 0.0.0.0 means to Listen on all of them. It does not mean allow all external traffic. That part is controlled by firewall or security groups.
This Isn’t Just Gunicorn
This concept is not specific to Gunicorn.
You’ll see the same thing in:
Flask →
app.run(host="0.0.0.0")Nginx
Docker
It’s actually an OS-level networking concept.
Then What Is 0.0.0.0/0 in AWS?
In Amazon Web Services security groups:
0.0.0.0/0
Means:
Allow traffic from anywhere on the internet.
That’s CIDR notation — totally different concept.
So now I separate it like this:
0.0.0.0→ Bind everywhere (server-side)0.0.0.0/0→ Allow everyone (network-side)
Same numbers. Different layers.
My Final Understanding
When I run:
gunicorn -b 0.0.0.0:5001 app:app
It just means:
Run the app
Listen on port 5001
Accept connections on all local network interfaces
Let firewall/security decide who is actually allowed
Once I understood this layer separation — application vs OS vs network — everything became much clearer.