diff --git a/checkin_notes b/checkin_notes
index 7c8d8ac46c..73d0707ea6 100755
--- a/checkin_notes
+++ b/checkin_notes
@@ -27028,3 +27028,13 @@ David  11 April 2005
 Rom    11 April 2005 (boinc)
     - Tag for 4.30 release, all platforms
       boinc_core_release_4_30
+
+David  11 April 2005
+    - Core client: if we're configured to not accept remote GUI RPC connections
+        (i.e., remote_hosts.cfg if absent or empty,
+        and the -allow_remote_gui_rpc cmdline is absent)
+        then bind our listening socket to 127.0.0.1 rather than INADDR_ANY.
+        This will in theory disallow remote connections.
+
+    client/
+        gui_rpc_server.C
diff --git a/client/gui_rpc_server.C b/client/gui_rpc_server.C
index 0de70d51de..3784173c58 100644
--- a/client/gui_rpc_server.C
+++ b/client/gui_rpc_server.C
@@ -686,7 +686,11 @@ int GUI_RPC_CONN_SET::init() {
 
     addr.sin_family = AF_INET;
     addr.sin_port = htons(GUI_RPC_PORT);
-    addr.sin_addr.s_addr = htonl(INADDR_ANY);
+    if (gstate.allow_remote_gui_rpc || allowed_remote_ip_addresses.size() > 0) {
+        addr.sin_addr.s_addr = htonl(INADDR_ANY);
+    } else {
+        addr.sin_addr.s_addr = htonl(0x7f000001);
+    }
 
     int one = 1;
     setsockopt(lsock, SOL_SOCKET, SO_REUSEADDR, (char*)&one, 4);
@@ -793,7 +797,7 @@ bool GUI_RPC_CONN_SET::poll(double) {
             is_local = true;
         }
 
-        if ( !(gstate.allow_remote_gui_rpc) && !(allowed)) {
+        if (!(gstate.allow_remote_gui_rpc) && !(allowed)) {
             in_addr ia;
             ia.s_addr = htonl(peer_ip);
             show_connect_error(ia);