Another possible solution is to use stunnel to authenticate clients with a certificate. It's a bit harder to spoof a certificate than an IP address.
-----Original Message----- From: Benjamin Black [mailto:[email protected]] Sent: Thursday, August 29, 2013 1:10 PM To: [email protected] Subject: Re: Securing kafka IP filters on the hosts. On Aug 29, 2013 10:03 AM, "Calvin Lei" <[email protected]> wrote: > Is there a way to stop a malicious user to connect directly to a kafka > broker and send any messages? Could we have the brokers to accept a > message to a list of know IPs? >
