Restrict connection attempts from IP addresses that are not in a pool of addresses

Asked 2 days ago

I just wanted to ask about something I've not found a way to do in ZeroMQ. I've got a broker that uses a Router socket for communication with some clients and a Dealer socket that asks some servers for the solution of these requests; basically a Client/Server model, but it includes a broker in the middle that acts as a load balancer.

I have done some tests and I have realized that there is no restriction so that the Dealer socket does not accept requests from machines with an IP address that does not belong to a given range of IPs. I implemented the broker in Java using JeroMQ; however, I would like to know if there is any way to know the IP from which I am receiving a connection attempt.

In an attempt to get this address, I decided to make a helper class that would run as a thread and listen for connections and print the code of the event that it received, as well as the addressListener code. However, the address that it prints is the address where it receives the event, not the one from which it was sent. I'm pretty new to using this library, which is why I'd like to ask for some help.


Correct Answer

The client IP address is not available to you using ZeroMQ.

Rather than trying to use ip addresses as a security layer, the recommendation is to implement some sort of authentication layer instead (e.g., using ZAP, the ZeroMQ authentication protocol).

You can of course also implement firewall rules either on your host or at the network layer to block client addresses outside of the allowed range.

answered 2 days ago
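
The authentication approach recommended in the answer, sketched with JeroMQ's `ZAuth` (its ZAP handler) and CURVE keys on the broker's Router frontend. This is an added example, not code from the question or the answer; the class name, certificate directory, file name and keys are constructed for illustration, and it assumes a JeroMQ release that ships `ZAuth` and `ZCert`.

```java
import java.nio.file.Files;
import java.nio.file.Path;
import org.zeromq.SocketType;
import org.zeromq.ZAuth;
import org.zeromq.ZCert;
import org.zeromq.ZContext;
import org.zeromq.ZMQ;

public class CurveBrokerFrontend {
    public static void main(String[] args) throws Exception {
        // Constructed key material, generated fresh on every run.
        ZCert brokerCert = new ZCert();
        ZCert knownClient = new ZCert();
        ZCert unknownClient = new ZCert();

        // Directory holding the public certificates the broker accepts (hypothetical location).
        Path allowed = Files.createTempDirectory("allowed-clients");
        knownClient.savePublic(allowed.resolve("client1.pub").toString());

        try (ZContext ctx = new ZContext()) {
            ZAuth auth = new ZAuth(ctx);              // ZAP handler for every socket in this context
            auth.configureCurve(allowed.toString()); // only keys found in this directory pass

            ZMQ.Socket frontend = ctx.createSocket(SocketType.ROUTER);
            frontend.setZAPDomain("global");
            frontend.setCurveServer(true);
            frontend.setCurvePublicKey(brokerCert.getPublicKey());
            frontend.setCurveSecretKey(brokerCert.getSecretKey());
            frontend.setReceiveTimeOut(1000);         // recv() returns null after 1 s of silence
            int port = frontend.bindToRandomPort("tcp://127.0.0.1");

            for (ZCert cert : new ZCert[] {knownClient, unknownClient}) {
                ZMQ.Socket client = ctx.createSocket(SocketType.DEALER);
                client.setCurveServerKey(brokerCert.getPublicKey());
                client.setCurvePublicKey(cert.getPublicKey());
                client.setCurveSecretKey(cert.getSecretKey());
                client.connect("tcp://127.0.0.1:" + port);
                client.send("request");

                // ROUTER delivers [identity, body]; nothing arrives if the handshake was refused.
                byte[] identity = frontend.recv();
                byte[] body = identity == null ? null : frontend.recv();
                System.out.println((cert == knownClient ? "known" : "unknown") + " client: "
                        + (body == null ? "no message delivered" : new String(body, ZMQ.CHARSET)));
            }
            auth.destroy();                           // stop the ZAP handler before the context closes
        }
    }
}
```

The client whose public certificate is in the directory gets its request through; the other one never reaches the Router socket, regardless of which IP address it connects from.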