There are other tools at your disposal too, like iptables. If you are down to permitting (or refusing) forwarders based on source IP address, Splunk can do it. But the operating system is better equipped for the same job. If nothing else, you can update iptables configurations without having to restart splunkd.
If you cannot do source-IP based control, then SSL and the SSL client certificate that Gerald mentioned is a good solution.
Back to your original problem that started this, port 8089 is typically the Splunkd REST port. Unless you are using the REST API to submit events (and 99% of things do not) this is not the port you use to get data in.
... View more