Cluster Firewall Configuration

NiFi clustering supports network access restrictions using a custom firewall configuration. The nifi.cluster.firewall.file property can be configured with a path to a file containing hostnames, IP addresses, or subnets of permitted nodes. The Cluster Coordinator uses the configuration to determine whether to accept or reject heartbeats and connection requests from potential cluster members.

The configuration file format expects one entry per line and ignores lines beginning with the # character. NiFi uses standard Java host name resolution to convert names to IP addresses. Java host name resolution leverages a combination of local machine configuration and network services, such as DNS. The configuration file supports IPv4 addresses or subnet ranges using CIDR notation. The following example cluster firewall configuration includes a combination of supported entries:


# Cluster Node Hostnames
nifi0.example.com
nifi1.example.com
nifi3.example.com
# Cluster Node Addresses
192.168.0.1
192.168.0.2
192.168.0.3
# Cluster Subnet Address
192.168.0.0/29 # Address Range from 192.168.0.1 to 192.168.0.6
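
An added example, not part of the NiFi documentation or code base: a Python check that parses a firewall file in the format described above and decides whether a peer IPv4 address is covered by it, which is useful for reviewing a file before deploying it. It assumes that text after a # on an entry line is a comment and that a subnet entry covers only its host range, both taken from the last line of the sample; parse_firewall, is_permitted and the resolve parameter are names chosen for this example.

```python
import ipaddress
import socket

# Constructed sample: the example firewall file shown above.
SAMPLE = """\
# Cluster Node Hostnames
nifi0.example.com
nifi1.example.com
nifi3.example.com
# Cluster Node Addresses
192.168.0.1
192.168.0.2
192.168.0.3
# Cluster Subnet Address
192.168.0.0/29 # Address Range from 192.168.0.1 to 192.168.0.6
"""

def parse_firewall(text):
    """Split the entries into (hostnames, addresses, subnets)."""
    hosts, addrs, nets = [], [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()  # assumption: trailing comments are dropped
        if "/" in entry:
            nets.append(ipaddress.IPv4Network(entry, strict=False))  # ValueError on a bad CIDR
        elif entry:
            try:
                addrs.append(ipaddress.IPv4Address(entry))
            except ValueError:
                hosts.append(entry)  # not an IPv4 literal: a hostname that needs resolution
    return hosts, addrs, nets

def is_permitted(peer, text, resolve=socket.gethostbyname_ex):
    """True if the IPv4 string peer matches an address, a subnet host or a resolved hostname."""
    ip = ipaddress.IPv4Address(peer)
    hosts, addrs, nets = parse_firewall(text)
    if ip in addrs:
        return True
    for net in nets:
        # Assumption from the sample's comment: network and broadcast addresses are excluded.
        edge = (net.network_address, net.broadcast_address) if net.prefixlen < 31 else ()
        if ip in net and ip not in edge:
            return True
    for name in hosts:
        try:
            if str(ip) in resolve(name)[2]:  # a hostname entry is only as reliable as its resolver
                return True
        except OSError:
            continue  # an unresolvable name permits nothing
    return False
```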