Re: [mosquitto-dev] restrict access to local networks

Use nftables (or old iptables) to reject any packet for port 1883 which doesn't match your source address. Your Mosquitto server can continue to listen on the INADDR_ANY address.

Something like this

nft add rule filter input ip saddr { 192.168.1.0/24, 192.168.2.0/24 } tcp dport { 1883 } accept


Regards, Dougie 

On Mon, 5 Aug 2019 at 11:02, Christian <christian@xxxxxxxxxx> wrote:
Hello everyone,

after hours of searching and asking Google, I see no other way than to ask you
here.

I would like to restrict access of a single listener (1883) to two local networks
(i.e. 192.168.1.0/24 and 192.168.2.0/24). So for this listener all requests
not coming from these two networks should be rejected.

Is there any solution for that?

Thanks in advance
Chris
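
Added example, not part of either message above: a complete nftables ruleset for the restriction discussed in this thread, pairing the accept rule with an explicit reject for every other source. The table name mqtt_guard and the set name mqtt_clients are assumptions; the port and the two networks are the ones from the question.

```nftables
# Dedicated table so these rules do not depend on an existing "filter"
# table or on its chain policy. The inet family covers IPv4 and IPv6,
# which matters when the broker listens on all addresses.
table inet mqtt_guard {
    # Networks allowed to reach the listener (from the question).
    set mqtt_clients {
        type ipv4_addr
        flags interval
        elements = { 192.168.1.0/24, 192.168.2.0/24 }
    }

    chain input {
        # policy accept: this chain only ever restricts port 1883;
        # all other traffic is left to the host's existing rules.
        type filter hook input priority 0; policy accept;

        # Allowed sources. An accept alone restricts nothing when the
        # policy is accept, so the reject below is what enforces it.
        tcp dport 1883 ip saddr @mqtt_clients accept

        # Everything else aimed at 1883: rate-limited log line for
        # visibility, then a counted TCP reset. This also catches IPv6
        # clients and 127.0.0.1, neither of which is in the set.
        tcp dport 1883 limit rate 6/minute log prefix "mqtt-deny: "
        tcp dport 1883 counter reject with tcp reset
    }
}
```

Load the file with nft -f and confirm the result with nft list table inet mqtt_guard; the counter on the last rule shows how many connection attempts from other sources were refused.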

