OK, thanks for your feedback.
FYI, my use case was to prevent developers from misconfiguring their applications in production.
They have:
- a batch, executed on a machine "host_batch", that has R/W access to some indexes using login "user_rw"
- a web application, executed on another machine "host_webapp", that has RO access to these same indexes using login "user_ro"
Unfortunately, firewall rules cannot prevent this kind of misconfiguration (e.g. webapp using "user_rw"). They only prevent developers from using their production credentials from their development machines.
Maybe the couple {login, IP/hostname} could be an evolution in the SearchGuard configuration.