Hello,
I am trying to restrict the access of a deployed Chirpstack LoRaWAN Gateway to the MQTT backhaul as much as possible. In the past I had tried using

    user gatewayuser
    topic readwrite gateway/xxxxxxxxxxxxxxxx/event/#
    topic readwrite gateway/xxxxxxxxxxxxxxxx/state/#
    topic readwrite gateway/xxxxxxxxxxxxxxxx/command/#

in /etc/mosquitto/acl

I thought this still was a bit too broad because e.g. the gateway wouldn’t be required to read from state but only write to it etc., but already this seems to have resulted in problems, especially for joining of new devices to the network. I have now relaxed it back to

    topic readwrite gateway/#

which is of course not nice, because gateways could influence each other.
What is the minimal set of MQTT ACLs necessary for a fully operational gateway bridge?
Cheers in advance!
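
An added example, not part of the original post: a small evaluator for mosquitto `user`/`topic` ACL lines that compares the per-gateway rules above with the relaxed `gateway/#` rule and lists what each one grants on another gateway's topics. The second gateway ID (`yyyyyyyyyyyyyyyy`) and the `sample` leaf names are constructed, and `pattern`/`deny` rules are not handled.

```python
# Added example: evaluates mosquitto acl_file "user"/"topic" rules for concrete topics.
# Simplification (assumption): no "pattern" or "deny" rules, no anonymous rules.
ACL_PER_GATEWAY = """\
user gatewayuser
topic readwrite gateway/xxxxxxxxxxxxxxxx/event/#
topic readwrite gateway/xxxxxxxxxxxxxxxx/state/#
topic readwrite gateway/xxxxxxxxxxxxxxxx/command/#
"""
ACL_RELAXED = "user gatewayuser\ntopic readwrite gateway/#\n"
# Constructed sample topics: the second gateway ID and the leaf names are made up.
OWN = ["gateway/xxxxxxxxxxxxxxxx/event/sample", "gateway/xxxxxxxxxxxxxxxx/state/sample"]
OTHER = ["gateway/yyyyyyyyyyyyyyyy/command/sample", "gateway/yyyyyyyyyyyyyyyy/state/sample"]

def parse_acl(text):
    """Return {user: [(access, topic_filter), ...]} from acl_file text."""
    rules, user = {}, None
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) < 2:
            continue  # blank line or keyword without an argument
        if parts[0] == "user":
            user = line.split(None, 1)[1].strip()
        elif parts[0] == "topic":
            # The access keyword is optional; mosquitto defaults to readwrite.
            has_access = len(parts) == 3 and parts[1] in ("read", "write", "readwrite")
            access = parts[1] if has_access else "readwrite"
            flt = parts[2] if has_access else line.split(None, 1)[1]
            rules.setdefault(user, []).append((access, flt.strip()))
    return rules

def matches(topic_filter, topic):
    """MQTT filter matching: '+' is one level, '#' is the rest (and the parent)."""
    f, t = topic_filter.split("/"), topic.split("/")
    for i, level in enumerate(f):
        if level == "#":
            return True
        if i >= len(t) or level not in ("+", t[i]):
            return False
    return len(f) == len(t)

def allowed(rules, user, action, topic):
    """action: 'write' = client publishes, 'read' = broker delivers to client."""
    return any(acc in (action, "readwrite") and matches(flt, topic)
               for acc, flt in rules.get(user, []))

def exposure(acl_text, user, topics):
    """List every (topic, action) the user is granted on the given topics."""
    rules = parse_acl(acl_text)
    return [(t, a) for t in topics for a in ("read", "write") if allowed(rules, user, a, t)]
```

Calling `exposure(ACL_RELAXED, "gatewayuser", OTHER)` returns read and write grants on the other gateway's topics, while the same call with `ACL_PER_GATEWAY` returns an empty list.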