Basic Configuration
5.9.3. IP Security
The IP Security feature allows the
In the Text Interface, IP Security parameters are defined via item 5 in the Network Configuration menu (Figure 5.9). In the Web Browser Interface, these parameters are found by clicking the "IP Security" link on the left-hand side of the screen. In the default state, IP Security is disabled.
The IP Security function employs a TCP Wrapper program, which allows the use of standard Linux operators, wildcards and net/mask pairs to create a host-based access control list.
The IP Security configuration menus include "hosts.allow" and "hosts.deny" client lists. When setting up IP Security, you must enter the IP addresses of hosts that you wish to allow in the Allow list, and the addresses of hosts that you wish to deny in the Deny list. Since Linux operators, wildcards and net/mask pairs are allowed, these lists can indicate specific addresses or a range of addresses to be allowed or denied.
When the IP Security feature is properly enabled, and a client attempts to connect, the
1. If the client’s IP address is found in the "hosts.allow" list, the client will be granted immediate access. Once an IP address is found in the Allow list, the
2. If the client’s IP address is not found in the Allow list, the
3. If the client’s IP address is found in the Deny list, the client will not be allowed to connect.
4. If the client’s IP address is not found in the Deny list, the client will be allowed to connect, even if the address was not found in the Allow list.
Notes:
• If the
• If both the Allow and Deny lists are left blank, then the IP Security feature will be disabled, and all IP addresses will be allowed to connect (providing that the proper password and/or SSH key is supplied).
• When the Allow and Deny lists are defined, the user is only allowed to specify the Client List; the Daemon List and Shell Command cannot be defined.
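The lookup order in steps 1 to 4, as an added Python sketch (not part of the original manual or the unit's firmware). It handles only a subset of TCP Wrapper client patterns (the ALL wildcard, a trailing-dot prefix, an exact address and a net/mask pair); the function names and sample addresses are constructed for illustration.

```python
import ipaddress

def matches(pattern, addr):
    """True if one client-list pattern matches the IPv4 address string."""
    if pattern.upper() == "ALL":            # TCP Wrapper wildcard: every host
        return True
    if pattern.endswith("."):               # prefix form, e.g. "192.168.1."
        return addr.startswith(pattern)
    if "/" in pattern:                      # net/mask pair, e.g. 10.1.0.0/255.255.0.0
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(addr) in net
    return pattern == addr                  # single address

def decide(addr, allow, deny):
    """Return (allowed, reason) following the order described in steps 1-4."""
    if not allow and not deny:
        return (True, "disabled")           # both lists blank: feature is off
    if any(matches(p, addr) for p in allow):
        return (True, "hosts.allow")        # step 1: Allow list wins immediately
    if any(matches(p, addr) for p in deny):
        return (False, "hosts.deny")        # step 3: listed in Deny
    return (True, "default")                # step 4: in neither list, still allowed

if __name__ == "__main__":
    # Constructed sample data: a management subnet and an outside client.
    allow_only = ["192.168.1."]
    outside = "203.0.113.9"
    # An Allow list by itself does not restrict anyone (step 4).
    print(outside, decide(outside, allow_only, []))
    # Adding ALL to the Deny list turns the Allow list into a real whitelist.
    print(outside, decide(outside, allow_only, ["ALL"]))
    print("192.168.1.50", decide("192.168.1.50", allow_only, ["ALL"]))
    # Deny list only: block one network, everything else stays reachable.
    print("10.1.2.3", decide("10.1.2.3", [], ["10.1.0.0/255.255.0.0"]))
```

The first two calls show the practical consequence of step 4: restricting access to the listed hosts requires a matching Deny entry as well as the Allow entries.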