Open melicherm opened 1 day ago
mStirner
commented
1 day ago How should that work? To read a modbus register/value, you have to write on the Bus.
The only "read only" modus i can image is a simple monitoring of the messages on the Bus/USB Adapter.
Can you elaborate more what you expect?
melicherm
commented
1 day ago Hello, good point.
The use case:
We have a network of around 20 frequency controllers behind an Modbus RTU to Modbus IP gateway running mbusd. We use Zabbix to monitor the values over the gateway with the use of ,,modbus_read" function. Obwiously it's a separated dedicated network, but still...
example: modbus_read[{HOST.CONN}:{$MODBUS_PORT},{$MODBUS_SLAVE},1,4,uint16]
modbus_read[192.168.1.10:502,20,1,4,uint16]
But we are hardening our security and we would like to reject "write" commands coming to the IP side. So no Write command could be directed to RTU side from IP side. Hope i have explained it clearly -> the use case.
Buf if there would be a function modbus_write[] this could bring security issues -> someone could turn ON or OFF devices, etc... we have seen such articles in the news :)
Hello dear community, with the aspect of security, is there the possibility to allow only read operations through the gateway?
or could this feature be added with a context switch -ro ?
One could modify the code and build the app without write features, but this could be interesting.... to have a hardened security feature.
Thanks!