Hello
Securely exposing DICOM requires DICOM TLS or a VPN/secure tunnel. The former is described in the Orthanc Book.
Regarding the filtering, if you don’t mind deleting the instances that have been stored by unauthorized entities, you could start from something like this sample, but instead of using the remote AET, you could use the RemoteIP (see the list of core metadata)
This thread could also be of interest to you.
Another option is to perform the filtering in the Lua side, where it can prevent the DICOM to be stored altogether. At that stage, you cannot use metadata (they don’t exist yet), but the Lua callback supplies origin information:
-
Origin of the Instances (contains the remote IP)
Hope this helps! Let us know how it goes…