1

I am running my postgres-9.2 on 6432 port and pgbouncer on 5432 port. Few of my colleagues client machines have the firewall connection permissions on 5432 port on server machine. But as a DB admin, I wanted to restrict some IP addresses from accessing the database.

But, though I block in the pg_hba.conf file, since the pgbouncer port is allowed, they are able to access.

I can block at the OS firewall level but I don't want to take the help of my system administrator. So, is there any way to restrict and deny IP addresses from accessing the pgbouncer as we generally do through pg_hba.conf for the postgresql.

Please suggest.

Shashikanth Komandoor
  • 781
  • 1
  • 11
  • 29

1 Answers1

0

https://pgbouncer.github.io/2015/12/pgbouncer-1-7

Main changes from v1.6 are support for TLS connections, HBA control file and authentication via unix peer uid.

So from 1.7 you have hba file, just like in vanil postgres. And thus filtering connections by IP is as easy.

Also you can use some tricks, dropping connections after they connected, as described in my other recent answer https://stackoverflow.com/a/46191949/5315974 but again - it is more a trick for urgently getting rid of connections. Using such tricks in while loop or as a job is generally a bad idea.

Vao Tsun
  • 47,234
  • 13
  • 100
  • 132