Whitelist TCP Traffic

Is there a way to whitelist TCP traffic akin to ACLs in HAProxy?

Trying to do something like this:

    [tcp.routers]
      [tcp.routers.kubeapi]
        entrypoints = ["https"]
        rule = "HostSNI(`kubernetes`)"
        middlewares = ["kube_whitelist"]
        service = "kubeapi"
        [tcp.routers.kubeapi.tls]
          passthrough = true

    [tcp.services]
      [tcp.services.kubeapi.LoadBalancer]
        [[tcp.services.kubeapi.LoadBalancer.servers]]
          address = "kubernetes.default:443"

    [tcp.middlewares]
      [tcp.middlewares.kube_whitelist.ipWhiteList]
        sourceRange = ["1.2.3.4/32"]

Hello @acaire,

Today there is no TCP middleware available in Traefik v2.

Thought as much, thanks all the same!

Hello,
Is there hope that one day we can configure some of the available middleware for TCP?
Like whitelist, basicauth, ForwardAuth.
Or is this impossible by design?
Best regards,

Brice

I'd love to see middleware added to TCP (what's possible anyway). What I'm after most is IP Whitelisting for TCP services.

Also looking for this feature!