Firewall or lockdown by IP

I am testing urBackup via my exisitng Boringproxy install on a VPS. I’m interested in backing up machines across the internet to my home storage. So using websockets it appears that the urBackup client can connect via boringproxy to the home urBackup server. All good.

While the urBackup server is passworded I don’t really want it open to the internet at large. Preferably it would only be allowed to be access by whitelisted IP addresses. Seems to me the only place to implement this would be on the VPS server running boringproxy. I could ban access to port 443 to all but the whitelisted addresses but then my other services on the boringproxy server would be effected.

I guess some firewalling could be done using the Server Tunnel Port? But the only connections to this are via localhost so I guess that’s all or nothing. Any thoughts?

If not possible to use firewall, it would be nice to have an IP whitelist/blacklist in a future release. Thanks

You can add authentication directly the Boring Proxy tunnel itself, as a primary layer of protection.

And / or - within the urBackup software you would need to restrict it by IP address or other additional firewalls. This wouldn’t be done at the Boring Proxy level AFAIK.