diff --git a/mcp_bridge/mcp_server.py b/mcp_bridge/mcp_server.py
index 3326229..5925f35 100644
--- a/mcp_bridge/mcp_server.py
+++ b/mcp_bridge/mcp_server.py
@@ -102,8 +102,18 @@ def queue_status() -> str:
 
 
 # Custom non-MCP routes (no auth required - local access only)
+INTERNAL_PREFIXES = ("127.", "10.5.0.", "::1", "100.79.") # localhost, LAN, NetBird
+
+
 async def ingest_message(request: Request) -> JSONResponse:
 """HTTP endpoint for local services to log messages into the bridge."""
+ # Check real client IP (X-Forwarded-For from NPM, or direct connection)
+ forwarded = request.headers.get("x-forwarded-for", "")
+ real_ip = request.headers.get("x-real-ip", "")
+ client_ip = forwarded.split(",")[0].strip() or real_ip or (request.client.host if request.client else "")
+ if not any(client_ip.startswith(p) for p in INTERNAL_PREFIXES):
+ return JSONResponse({"error": "forbidden"}, status_code=403)
+
 try:
 data = await request.json()
 except Exception:
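Review bot: The allow-list check in `ingest_message` trusts `X-Forwarded-For` and `X-Real-IP`, which are request headers the caller controls, so any client that reaches this port directly, or through a proxy that appends to `X-Forwarded-For` rather than overwriting it, can present `127.0.0.1` and be treated as internal. Because the route comment says no auth is required, this check is the only gate; forwarding headers should be honoured only when `request.client.host` is the reverse proxy itself, and the socket peer used otherwise. The string-prefix test is also looser than it looks (`"::1"` matches any address text that begins with those characters), so parsing with `ipaddress` and comparing against networks would be stricter. The fence below sketches the first change with a placeholder proxy address; the function body continues past the end of the hunk.

```python
# Address(es) the reverse proxy connects from -- placeholder, set to the real NPM host.
TRUSTED_PROXIES = ("<NPM_PROXY_IP>",)


async def ingest_message(request: Request) -> JSONResponse:
    # … unchanged: docstring …
    peer = request.client.host if request.client else ""
    # Forwarding headers are caller-supplied; believe them only when the
    # connection itself comes from the proxy (confirm NPM overwrites X-Real-IP).
    if peer in TRUSTED_PROXIES:
        client_ip = request.headers.get("x-real-ip", "") or peer
    else:
        client_ip = peer
    # … unchanged: INTERNAL_PREFIXES check and request.json() handling …
```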