How to Configure Global IP Access Control

Prerequisites

Last Updated for InterWorx-CP version 3.0.1

No special prerequisites.

Purpose

The following procedures explain how to add Trusted IPs and Blocked IPs to the firewall configuration. Trusted IPs will be allowed through the firewall across all ports, while Blocked IPs will be denied access across all ports. IPs not listed in either Trusted IPs or Blocked IPs will be subject to the per-port rules in the Port Access section.

Procedure - Add an IP Address

  1. Click on the Server menu if it is not already expanded.
  2. Click on the Firewall item.
  3. You should now be looking at the Firewall controls in the main content area.
  4. Locate the Global IP Access Control section.
  5. Add the IPs you wish to trust, one per line, to the Trusted IPs box.
  6. Add the IPs you wish to block, one per line, to the Block IPs box.
  7. Click the Update button.
  8. You will see the following message at the top of the screen: » List of trusted and/or blocked IPs was updated

You will trigger an error if you try to add the same IP address to both the Trusted IPs and Blocked IPs lists.

Procedure - Remove an IP Address

  1. Click on the Server menu if it is not already expanded.
  2. Click on the Firewall item.
  3. You should now be looking at the Firewall controls in the main content area.
  4. Locate the Global IP Access Control section.
  5. Remove the IPs you no longer wish to trust from the Trusted IPs box.
  6. Remove the IPs you no longer wish to block from the Block IPs box.
  7. Click the Update button.
  8. You will see the following message at the top of the screen: » List of trusted and/or blocked IPs was updated

Firewall IP Address Reference

Simple Syntax

  1. The simplest syntax is just a single valid IP address. For example, 192.168.1.10 and 169.254.43.11 are valid entries.
  2. You can also enter masked IP addresses, which allow you to cover an entire range of IPs. For example, 10.0.1.0/24 and 192.0.0.0/8 are valid entries.

Advanced Syntax

The advanced IP syntax not only gives you control over the IP address, but also the protocol (udp or tcp), flow direction (inbound or outbound), and port. The advanced syntax is:

protocol:flow:port:ip

  1. protocol: Either udp or tcp. protocol is optional, and if not given, tcp is assumed.
  2. flow: in or out. If protocol is given, then flow is required, otherwise flow is optional. If flow is not given, in is assumed.
  3. s/d=port: A single port number. You must also specify if the port is the source port (s=), where the packet originates from, or the destination port (d=), where the packet will end up.
  4. s/d=ip: A valid IP address. You may use an IP address or an IP address and mask. You must also specify if the IP address is the source IP (s=), where the packet originates from, or the destination IP (d=), where the packet will end up.

Example 1

Inbound TCP to destination port 3306 from 172.60.32.0/24

d=3306:s=172.60.32.0/24

Example 2

Inbound TCP from source port 3000 from 24.202.16.11

s=3000:s=24.202.16.11

Example 3

Outbound TCP to destination port 22 to destination host 65.114.132.9

out:d=22:d=65.114.132.9

Example 4

Inbound UDP to destination port 1024 from source host 43.213.13.20

udp:in:d=20:s=43.213.13.20
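
The following is an added example, not InterWorx code: a small Python checker that parses entries in the simple and advanced syntax described above, so a list can be validated before it is pasted into the Trusted IPs or Blocked IPs box. The function names, the IPv4-only handling, the 1-65535 port range and the way duplicates across the two lists are compared are assumptions of this example.

```python
import ipaddress

def _endpoint(field, kind):
    """Split 's=<value>' or 'd=<value>' into (side, value)."""
    side, sep, value = field.partition("=")
    if not sep or side not in ("s", "d") or not value:
        raise ValueError(f"{kind} must be s=<{kind}> or d=<{kind}>, got {field!r}")
    return ("source" if side == "s" else "destination"), value

def parse_entry(entry):
    """Parse one Trusted/Blocked entry (IPv4); raise ValueError if malformed."""
    parts = entry.strip().split(":")
    if len(parts) == 1:  # simple syntax: bare IP or IP/mask
        return {"network": str(ipaddress.IPv4Network(parts[0], strict=False))}
    if len(parts) > 4:
        raise ValueError(f"too many fields in {entry!r}")
    *lead, port_field, ip_field = parts
    proto, flow = "tcp", "in"  # defaults stated in the reference
    if len(lead) == 2:
        proto, flow = lead
    elif lead:
        if lead[0] in ("tcp", "udp"):
            raise ValueError("flow is required when protocol is given")
        flow = lead[0]
    if proto not in ("tcp", "udp") or flow not in ("in", "out"):
        raise ValueError(f"bad protocol/flow in {entry!r}")
    port_side, port = _endpoint(port_field, "port")
    # Port range 1-65535 is an assumption of this example.
    if not (port.isascii() and port.isdigit()) or not 1 <= int(port) <= 65535:
        raise ValueError(f"bad port in {entry!r}")
    ip_side, ip = _endpoint(ip_field, "ip")
    return {"protocol": proto, "flow": flow,
            "port": (port_side, int(port)),
            "network": (ip_side, str(ipaddress.IPv4Network(ip, strict=False)))}

def listed_in_both(trusted, blocked):
    """Blocked entries that parse to the same rule as a trusted entry.
    Assumption: the panel's own duplicate check may compare differently."""
    seen = {repr(parse_entry(e)) for e in trusted}
    return [e for e in blocked if repr(parse_entry(e)) in seen]

# Constructed sample input: the four example rules from the reference above.
SAMPLES = ["d=3306:s=172.60.32.0/24", "s=3000:s=24.202.16.11",
           "out:d=22:d=65.114.132.9", "udp:in:d=20:s=43.213.13.20"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", parse_entry(s))
```
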

COPYRIGHT © InterWorx L.L.C. 2004-2008