How to limit the discoverability of a WCF service to certain addresses?

I have a desktop app that connects to a WCF service and uses WCF 4.0 discovery. My code to make the service discoverable looks like this:

public static void MakeServiceHostDiscoverable(ServiceHost开发者_如何学JAVA sh)
    {
        IServiceBehavior Beh = new ServiceDiscoveryBehavior();
        sh.Description.Behaviors.Add(Beh);
        ServiceEndpoint Endp = new UdpDiscoveryEndpoint();
        sh.AddServiceEndpoint(Endp);

    }

Recently the app is being used by 2 different departments in the same company. Each department has its own server(s) and clients in that department should only discover the server(s) of this department. Right now clients can see all servers within the company network.

Is there a way for the service to limit from which IP addresses it can be discovered? Or, even better, can it dynamically approve/reject discovery requests as they happen?

The initial discovery aspect of WS-Discovery works on a broadcast principle -- it's not receiving and replying to requests. In part, the purpose of metadata is to help clients distinguish which services it is eligible for. Beyond that, you should apply appropriate security to authenticate and authorize incoming requests at the service level. Finally, if the departments are on separate subnets, you can filter the UDP broadcasts between subnets, presuming you have appropriate network infrastructure in place.