Another possible solution is to use stunnel to authenticate clients with a certificate. It's a bit harder to spoof a certificate than an IP address.
-----Original Message----- From: Benjamin Black [mailto:b...@b3k.us] Sent: Thursday, August 29, 2013 1:10 PM To: users@kafka.apache.org Subject: Re: Securing kafka IP filters on the hosts. On Aug 29, 2013 10:03 AM, "Calvin Lei" <ckp...@gmail.com> wrote: > Is there a way to stop a malicious user to connect directly to a kafka > broker and send any messages? Could we have the brokers to accept a > message to a list of know IPs? >