A security question regarding mavproxy

I like to ask when we set mavproxy to the network mode. Usually we will --out=xxx.xxx.xxx.xxx to transmit heart beat to your ground control ip.

But for the ground control to communicate and transmit command to mavproxy, is there a limit to where the ip is sending the command to it or any way it actually authenticate which ground control is commanding it.

Or anyone in the same network can just send commands to mavproxy?

Of course it makes sense that someone should secure its own network from being accessed. But is there an added protection to only process commands from valid source?

I’ve been using a dedicated network tunnel in order to prevent access by anyone else.

Zerotier is a good and simple solution if you don’t know how setup a network tunnel.

Yea but I am wondering in a scenario where network is compromised. Other than setting up a firewall does mavproxy recognise the source of command.

MavProxy supports MavLink message signing though it needs to be set up (keyed) using a secure link (like USB).