Elasticsearch and Kibana network.host CIDR?

Good afternoon (At least, for EST) -

Do the various host fields in the elasticsearch.yml and kibana.yml files support CIDR for restricting access to specific subnets?

I attempted to set

network.host: 10.0.0.0/24

And Elasticsearch failed to start, but it starts fine if I set it to a specific local IP or if I set it to 0.0.0.0.

I can set up whitelist-only firewall rules or other security measures, but ideally I would like a clean way to restrict network.host (elasticsearch) and server.host (kibana) to specific subnets if possible.

It's entirely possible (And likely) that this is already possible, and terms like subnet and CIDR simply aren't getting me anywhere when searching.

Thank you for your time!

I haven't seen any network restriction options in the config files for Kibana or Elastic; the option "network.host" is the network address on which the services are going to listen (of the local interfaces, 0.0.0.0 is all interfaces). If you want to restrict access, use a reverse proxy (Nginx, HAProxy, etc.) or a firewall.


This isn't possible today (except for the special values, notably _site_ means 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 which might work for you). But this isn't the first time someone has suggested this feature, I think it makes a lot of sense, and it doesn't look too hard to implement. A PR would be welcome!


It would definitely be useful for smaller deployments that do not wish to handle individual port/routing security on their local network - But for now, I'll go that route. I'll just use iptables or something and set my Elastic and Kibana to 0.0.0.0.

Thank you for your responses!

For anyone that finds this message in the future, here is the solution I will be using:

iptables -A INPUT -p tcp --dport 9200 -s 10.0.0.0/8 -j ACCEPT
iptables -A INPUT -p tcp --dport 9200 -j DROP
iptables -A INPUT -p tcp --dport 5601 -s 10.0.0.0/8 -j ACCEPT
iptables -A INPUT -p tcp --dport 5601 -j DROP

With the caveat that the CIDR range will be replaced with whatever I'm using for Elastic and Kibana respectively.
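
Added example, not part of the original thread: a small Python model of the four rules above (with the space in `5601 -s` in place, and parsing only the flags those rules use) that shows how first-match evaluation treats a few constructed packets. It assumes the INPUT chain policy is ACCEPT and that no other rules exist; the loopback and port 9300 (Elasticsearch's default transport port) packets are included to show what this rule set does and does not cover.

```python
import ipaddress
import shlex

# The four rules from the post above, in the order they are appended.
RULES = """\
iptables -A INPUT -p tcp --dport 9200 -s 10.0.0.0/8 -j ACCEPT
iptables -A INPUT -p tcp --dport 9200 -j DROP
iptables -A INPUT -p tcp --dport 5601 -s 10.0.0.0/8 -j ACCEPT
iptables -A INPUT -p tcp --dport 5601 -j DROP
"""

def parse_rule(line):
    """Parse the subset of iptables syntax used in the thread into a dict."""
    tokens = shlex.split(line)
    opts = dict(zip(tokens[1::2], tokens[2::2]))  # flag/value pairs after "iptables"
    return {
        "chain": opts["-A"],
        "dport": int(opts["--dport"]),
        # No -s means "any source", i.e. 0.0.0.0/0 for IPv4.
        "src": ipaddress.ip_network(opts.get("-s", "0.0.0.0/0")),
        "target": opts["-j"],
    }

def verdict(rules, src, dport, policy="ACCEPT"):
    """First matching rule wins; unmatched packets get the chain policy."""
    addr = ipaddress.ip_address(src)
    for rule in rules:
        if rule["dport"] == dport and addr in rule["src"]:
            return rule["target"]
    return policy  # assumption: default INPUT policy, no other rules present

def evaluate(rule_text, packets, policy="ACCEPT"):
    rules = [parse_rule(l) for l in rule_text.splitlines() if l.strip()]
    return {p: verdict(rules, *p, policy=policy) for p in packets}

# Constructed sample packets: (source IP, TCP destination port).
PACKETS = [
    ("10.0.0.15", 9200),     # inside the allowed range
    ("192.168.1.20", 9200),  # a different private range
    ("203.0.113.7", 5601),   # public address (documentation range)
    ("127.0.0.1", 9200),     # local client, e.g. Kibana, over loopback
    ("203.0.113.7", 9300),   # transport port: no rule in this set
]

if __name__ == "__main__":
    for (src, port), result in evaluate(RULES, PACKETS).items():
        print(f"{src:>15} -> tcp/{port}: {result}")
```

Loopback traffic also traverses INPUT, so a client on the same host connecting to 127.0.0.1:9200 is dropped by this rule set unless an earlier rule (for example one matching `-i lo`) accepts it.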
