gogoWebsite

Access rights control of mqtt server


Access permissions of mqtt server

1. Firewall port access address restrictions

vi /etc/sysconfig/iptables

Confirm that port 1883 has been enabled:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 1883 -j ACCEPT
  1. Allow access only from the specified IP; all others are prohibited

    iptables -A INPUT -p tcp --dport 1883 -s 192.168.1.3 -j ACCEPT
    
  2. Block access from the specified IP segment; all others are allowed

    iptables -I INPUT -s 192.168.1.3 -j DROP
    

Restart and view port status:

service iptables restart
/etc//iptables status
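
The allow-only-listed-sources case from item 1, as an added example that is not code from the original page. It goes beyond the single IP shown there by accepting several sources and CIDR segments; the function names valid_ipv4_cidr and mqtt_allowlist_rules are hypothetical and the sample sources are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): emit an ordered allowlist for the
# MQTT port as rule lines for /etc/sysconfig/iptables. A chain is evaluated
# top-down and stops at the first match, so every per-source ACCEPT must come
# before the final DROP, and the generic "--dport 1883 -j ACCEPT" line must be
# removed from the file or it will keep admitting everyone.

MQTT_PORT=1883   # port used on this page

# valid_ipv4_cidr ADDR: succeed for a.b.c.d or a.b.c.d/n (octets 0-255, n 0-32).
valid_ipv4_cidr() {
    case $1 in
        */*) addr=${1%/*}; prefix=${1##*/} ;;
        *)   addr=$1; prefix=32 ;;
    esac
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in
        *[!0-9.]*|*.*.*.*.*) return 1 ;;   # stray characters or too many dots
        *.*.*.*) ;;
        *) return 1 ;;                     # too few fields
    esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1             # e.g. "1.2.3." splits into 3 fields
    for octet in "$@"; do
        case $octet in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# mqtt_allowlist_rules SRC...: print the rule lines. All sources are validated
# first, so a malformed entry yields no output instead of a partial rule set.
mqtt_allowlist_rules() {
    [ "$#" -gt 0 ] || { echo "no allowed sources given" >&2; return 1; }
    for src in "$@"; do
        valid_ipv4_cidr "$src" || { echo "bad source: $src" >&2; return 1; }
    done
    for src in "$@"; do
        printf '%s\n' "-A INPUT -p tcp -m tcp --dport $MQTT_PORT -s $src -j ACCEPT"
    done
    printf '%s\n' "-A INPUT -p tcp -m tcp --dport $MQTT_PORT -j DROP"
}

# Constructed sample input: one host and one subnet.
mqtt_allowlist_rules 192.168.1.3 10.0.0.0/24
```

Put the printed lines in /etc/sysconfig/iptables in place of the generic port 1883 ACCEPT line, then restart the service as shown above.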

ps:

The command to block the IP segment is
iptables -I INPUT -s 211.1.0.0/16 -j DROP
iptables -I INPUT -s 211.2.0.0/16 -j DROP
iptables -I INPUT -s 211.3.0.0/16 -j DROP

The command to block the entire segment is
iptables -I INPUT -s 211.0.0.0/8 -j DROP

The command to block several segments is
iptables -I INPUT -s 61.37.80.0/24 -j DROP
iptables -I INPUT -s 61.37.81.0/24 -j DROP

Server restricts access

Apollo: add the IP addresses whose access is to be restricted to the black-list

Reverse proxy restrictions

Add the TCP proxy module [nginx_tcp_proxy_module] at compile time

/duanxz/p/