KIP-252 — Extend ACLs to allow filtering based on ip ranges and subnets
Discussion Security
Extends the Kafka ACL model to support CIDR-based IP range matching in the `host` field of an ACL entry, in addition to exact IP addresses and the `*` wildcard. Currently, granting access to a subnet requires creating one ACL entry per individual IP address, which is unmanageable in environments with dynamic or numerous client IP addresses.
Details
| Author | Sönke Liebau |
| Status | Discussion |
| JIRA | KAFKA-4759 |
| Wiki | View on Apache Wiki |
| Created | 2018-01-31 |
| Last Modified | 2018-05-03 |
Explore how this KIP affects the Kafka protocol in the Protocol Explorer, or see the full KIP database.