Packet Forwarder Filter

I am somewhat surprised there is not yet a feature that allows you to filter the incoming packets and drop the ones you don’t want.

I have been working with a packet forwarder that has a 4G modem and the goal is to forward the received packets from the connected devices to TTN. On its own it worked well with reliable telemetry data going from the device to TTN.

I then took a look at the data being sent so I could get an indication on how much cellular bandwidth was going to be consumed then realised that there seem to be a few other LoRa devices that don’e belong to me sending packets via the gateway/packet forwarded. Actually they were sending more data than my devices were.

My initial thoughts were that I need to look at changing the setup and run the GW as a server, then have the server send only the required data over the 4G link. but that also got me wondering as to why there was not a way to implement a filter on the forwarder that either looks at the device EUI and compares it to a list of allowed devices or even checks out the AppEUI.

If the EUI is not listed in the “white list” then the packet is dropped and not forwarded.
Using the AppEUI makes a little more as it is going to be a little more consistent in larger networks although the DevEUI is exposed in the header and would be easier to get at. Im not sure that the DevEUI is stored in the header.

Its really just a thought at this stage and I am quickly coming to the realisation that setting the gw up as a server may be the only way around this to prevent unwanted packets from being sent over the 4G link but it also adds a level of complexity as all the GW/Sever devices will need to be updated with the device’s.

See the filters section in the Gateway Bridge documentation. You can filter by NetID and JoinEUI:

This assumes you are able to run the gateway bridge locally (on gateway or otherwise) prior to consuming cellular bandwidth.

Thank you @bconway, this looks like its exactly what I am after. Checked the gateway we are using and it is running gateway-bridge and have found the config file. Hopefully i can modify the config and get this to work. I did notice that there are a few differences in the config.

Thanks again and Merry Xmas.

[general]
# debug=5, info=4, warning=3, error=2, fatal=1, panic=0
log_level = 4

# Configuration which relates to the packet-forwarder.
[packet_forwarder]
# ip:port to bind the UDP listener to
#
# Example: 0.0.0.0:1700 to listen on port 1700 for all network interfaces.
# This is the listeren to which the packet-forwarder forwards its data
# so make sure the 'serv_port_up' and 'serv_port_down' from your
# packet-forwarder matches this port.
udp_bind = "0.0.0.0:1700"

# Skip the CRC status-check of received packets
#
# This is only has effect when the packet-forwarder is configured to forward
# LoRa frames with CRC errors.
skip_crc_check = false

  # # Managed packet-forwarder configuration.
  # #
  # # By configuring one or multiple managed packet-forwarder sections, the
  # # LoRa Gateway Bridge updates the configuration when the backend receives
  # # a configuration change, after which it will restart the packet-forwarder.
  # [[packet_forwarder.configuration]]
  # # Gateway MAC.
  # #
  # # The LoRa Gateway Bridge will only apply the configuration updates for this
  # # gateway MAC.
  # mac="0102030405060708"

  # # Base configuration file.
  # #
  # # This file will be used as base-configuration and will not be overwritten on
  # # a configuration update. This file needs to exist and contains the base
  # # configuration and vendor specific
  # base_file="/etc/lora-packet-forwarder/global_conf.json"

  # # Output configuration file.
  # #
  # # This will be the final configuration for the packet-forwarder, containing
  # # a merged version of the base configuration + the requested configuration
  # # update.
  # # Warning: this file will be overwritten on a configuration update!
  # output_file="/etc/lora-packet-forwarder/local_conf.json"

  # # Restart command.
  # #
  # # This command is issued by the LoRa Gateway Bridge on a configuration
  # # change. Make sure the LoRa Gateway Bridge process has sufficient
  # # permissions to execute this command.
  # restart_command="/etc/init.d/lora-packet-forwarder restart"


# Configuration for the MQTT backend.
[backend.mqtt]
# MQTT topic templates for the different MQTT topics.
#
# The meaning of these topics are documented at:
# https://docs.loraserver.io/lora-gateway-bridge/use/data/
#
# The default values match the default expected configuration of the
# LoRa Server MQTT backend. Therefore only change these values when
# absolutely needed.
# Use "{{ .MAC }}" as an substitution for the LoRa gateway MAC.
uplink_topic_template="gateway/{{ .MAC }}/rx"
downlink_topic_template="gateway/{{ .MAC }}/tx"
stats_topic_template="gateway/{{ .MAC }}/stats"
ack_topic_template="gateway/{{ .MAC }}/ack"
config_topic_template="gateway/{{ .MAC }}/config"

# MQTT server (e.g. scheme://host:port where scheme is tcp, ssl or ws)
server="tcp://127.0.0.1:1883"

# Connect with the given username (optional)
username="**user**"

# Connect with the given password (optional)
password="**pass**"

# Quality of service level
#
# 0: at most once
# 1: at least once
# 2: exactly once
#
# Note: an increase of this value will decrease the performance.
# For more information: https://www.hivemq.com/blog/mqtt-essentials-part-6-mqtt-quality-of-service-levels
qos=0

# Clean session
#
# Set the "clean session" flag in the connect message when this client
# connects to an MQTT broker. By setting this flag you are indicating
# that no messages saved by the broker for this client should be delivered.
clean_session=true

# Client ID
#
# Set the client id to be used by this client when connecting to the MQTT
# broker. A client id must be no longer than 23 characters. When left blank,
# a random id will be generated. This requires clean_session=true.
client_id=""

# CA certificate file (optional)
#
# Use this when setting up a secure connection (when server uses ssl://...)
# but the certificate used by the server is not trusted by any CA certificate
# on the server (e.g. when self generated).
ca_cert=""

# mqtt TLS certificate file (optional)
tls_cert=""

# mqtt TLS key file (optional)
tls_key=""