diff --git a/library/RemoteServer.cpp b/library/RemoteServer.cpp
index df65e8e5a..699176549 100644
--- a/library/RemoteServer.cpp
+++ b/library/RemoteServer.cpp
@@ -284,7 +284,11 @@ void ServerConnection::threadFn()
         }
         else
         {
-            if (!fn->in()->ParseFromArray(buf.get(), header.size))
+			if (((fn->flags & SF_ALLOW_REMOTE) != SF_ALLOW_REMOTE) && strcmp(socket->GetClientAddr(), "127.0.0.1") != 0)
+			{
+				stream.printerr("In call to %s: forbidden host: %s\n", fn->name, socket->GetClientAddr());
+			}
+            else if (!fn->in()->ParseFromArray(buf.get(), header.size))
             {
                 stream.printerr("In call to %s: could not decode input args.\n", fn->name);
             }
diff --git a/library/include/RemoteServer.h b/library/include/RemoteServer.h
index df2f42712..d01eb0a19 100644
--- a/library/include/RemoteServer.h
+++ b/library/include/RemoteServer.h
@@ -46,7 +46,10 @@ namespace  DFHack
         SF_CALLED_ONCE = 1,
         // Don't automatically suspend the core around the call.
         // The function is supposed to manage locking itself.
-        SF_DONT_SUSPEND = 2
+        SF_DONT_SUSPEND = 2,
+		// The function is considered safe to call from a remote computer.
+		// All other functions cannot be allowed for security reasons.
+		SF_ALLOW_REMOTE = 4
     };
 
     class DFHACK_EXPORT ServerFunctionBase : public RPCFunctionBase {