What is the purpose of the -nodes argument in openssl?

The option -nodes is not the English word “nodes”, but rather is “no DES”. When given as an argument, it means OpenSSL will not encrypt the private key in a PKCS#12 file.

If you omit -nodes, the private key is encrypted with 3DES-CBC. OpenSSL prompts you for a password and derives the encryption key from it using the key-derivation function EVP_BytesToKey.

Depending on your version of OpenSSL and compiled options, you may be able to provide these options in place of -nodes:

-des          encrypt private keys with DES
-des3         encrypt private keys with triple DES (default)
-idea         encrypt private keys with idea
-seed         encrypt private keys with seed
-aes128, -aes192, -aes256
              encrypt PEM output with cbc aes
-camellia128, -camellia192, -camellia256
              encrypt PEM output with cbc camellia

Ultimately, at the library level, OpenSSL calls the function PEM_write_bio_PrivateKey with the encryption algorithm (or lack thereof) that you choose.
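To audit key files for the effect of -nodes, the PEM armor and headers are enough to tell an unencrypted key from a password-protected one. The script below is an added example, not part of the original answer; the function name pem_key_state and the sample files are hypothetical, and the sample bodies are constructed placeholders rather than key material.

```shell
#!/bin/sh
# Added example: report whether a PEM private key was written unencrypted
# (the -nodes case) or password-protected, judging by armor and headers only.
pem_key_state() {
    awk '
        /^-----BEGIN ENCRYPTED PRIVATE KEY-----/       { state = "encrypted pkcs8"; exit }
        /^-----BEGIN ((RSA|EC|DSA) )?PRIVATE KEY-----/ { state = "plaintext"; inkey = 1; next }
        inkey && /^Proc-Type: 4,ENCRYPTED/             { state = "encrypted"; next }
        inkey && /^DEK-Info: /  { split($2, a, ","); state = "encrypted " a[1]; next }
        inkey && /^-----END /                          { exit }
        END { if (state == "") state = "no-key"; print state }
    ' "$1"
}

# Constructed samples: real PEM armor and header syntax, placeholder bodies.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/nodes.pem" <<'EOF'
-----BEGIN PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END PRIVATE KEY-----
EOF
cat > "$SAMPLES/des3.pem" <<'EOF'
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0011223344556677

Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
EOF
cat > "$SAMPLES/pkcs8enc.pem" <<'EOF'
-----BEGIN ENCRYPTED PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END ENCRYPTED PRIVATE KEY-----
EOF
cat > "$SAMPLES/cert.pem" <<'EOF'
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
EOF

for f in "$SAMPLES"/*.pem; do
    printf '%-14s %s\n' "${f##*/}" "$(pem_key_state "$f")"
done
```

A "plaintext" result means anyone who can read the file can use the key, so file permissions are its only protection.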
