Reputation: 11
Restrict mosquitto MQTT publisher to just one IP address
I'm not sure if this is possible from the conf file but it should be. I don't care what network subscribers come from... .i.e what ip address/network adapter the subscribers connect to but I only want 127.0.0.1 or another network adapter (like an openVPN virtual adapter) to be able to publish messages. Is that achievable with mosquitto?
Upvotes: 1
Views: 1271
Answers (1)
Reputation: 59618
Not easily. This is normally something you would do via usernames to identify a user that can publish and then deny publishing to anonymous users.
You may be able to effectively achieve what you want by using the per_listener_settings setting to attach different ACL files to each listener and have a specific listener for the lo interface.
The problem with this is you would need to have listeners for every interface and I'm not sure how it would behave with interfaces that may not be present at startup (e.g. a vpn adapter)
per_listener_settings true
listener 1883 127.0.0.1
acl_file /path/acl_allow_publish
listener 1883 192.168.0.1
acl_file /path/acl_allow_only_subscribe
Upvotes: 2
Related Questions
- How to publish a message to a specific client in Mosquitto MQTT
- Receive MQTT from multiple servers using Mosquitto brokier
- Stop Mosquitto from sending the message to its owner(sender)
- Using MQTT with multiple subscribers
- Mosquitto configuration not accepting listener containing IP address
- how to prevent conflicts between publishing and subscribing in mosquitto?
- How to make mosquitto_sub print ip address of publisher of particular message
- MQTT, is it possible to block publications for everyone besides localhost, and leave the subscriptions open to everybody?
- how to restrict access of the subscribers to the published messages
- mosquitto - disable subscribing without authorization