
Is there a way to block total server access to all but one IP?

Comments

10 comments

  • kodeslogic
    I am guessing that you want to allow SSH access for one specific IP address and want to block SSH access for any other. If I got your query correct, then below are the steps:

    Step 1: For that, you need to add an entry to the /etc/hosts.allow file:
        vi /etc/hosts.allow
    Add the following line to allow the whitelisted IP:
        sshd: 1.3.6.4
    Replace "1.3.6.4" with the IP address you wish to allow SSH access.

    Step 2: Open up /etc/hosts.allow file:
        vi /etc/hosts.deny
    and add the following line to deny all SSH connections:
        sshd: ALL
    This will block all incoming SSH requests on your SSH port except from the IP you mentioned in the /etc/hosts.allow file.
    0
  • cPJeremy
    Hello! Firstly, the information above mentioned by kodeslogic is helpful and this is an option you can use. However, you can also make these edits by going to WHM's Home » Security Center » Host Access Control. The edits made here will be reflected to the /etc/hosts.allow file. From there, you can set rules to allow your IP to access "sshd" and "whostmgrd" or any other service you require access to. To see a full list of services that you permit access to from this section, you can see our documentation on this here: Please note, normally we would not suggest doing this but it can be done doing the above. More information on why this is, and other options you can take is mentioned in the forums post here:
    0
  • WebHostPro
    I am guessing that you want to allow SSH access for one specific IP address and want to block SSH access for any other. If I got your query correct, then below are the steps:

    Step 1: For that, you need to add an entry to the /etc/hosts.allow file:
        vi /etc/hosts.allow
    Add the following line to allow the whitelisted IP:
        sshd: 1.3.6.4

    Step 2: Open up /etc/hosts.allow file:
        vi /etc/hosts.deny
    and add the following line to deny all SSH connections:
        sshd: ALL
    This will block all incoming SSH requests on your SSH port except from the IP you mentioned in the /etc/hosts.allow file.

    Thanks, but we want to block all access to one IP. This means you could not ping it unless you are using the one allowed IP. I have a server we need to block all access to but a single IP.

    0
  • cPanelAxel
    Hi, if you want to block access completely to an IP, then this would be performed at the firewall level, such as with iptables, or CSF if you want to use the interface. If you want to block a single IP, this can be easily done in CSF. However, I would not recommend blocking access to all IPs except a single one for all services, as this can either cause certain services to not function properly if external connections can't reach your server or may lead to the risk of potentially being locked out of the server unless you have console access. With that said, you may want to ask in the
    0
  • kodeslogic
    For a single IP address:
        csf -d 1.3.6.4 "Add your comments for blocking"
    Replace "1.3.6.4" with the IP address you want to block.
    0
  • WebHostPro
    Hi, if you want to block access completely to an IP, then this would be performed at the firewall level, such as with iptables, or CSF if you want to use the interface. If you want to block a single IP, this can be easily done in CSF. However, I would not recommend blocking access to all IPs except a single one for all services, as this can either cause certain services to not function properly if external connections can't reach your server or may lead to the risk of potentially being locked out of the server unless you have console access. With that said, you may want to ask in the
    0
  • keat63
    What exactly are you trying to achieve? I understand that you want to block access to all except 1 IP? If so, for what purpose?
    0
  • WebHostPro
    What exactly are you trying to achieve? I understand that you want to block access to all except 1 IP? If so, for what purpose?

    Hi, I have a server that is not allowed to be open to the public. The only access to the server that is allowed is from one IP. This is just for backup access purposes; I realize many services will not work once all other access is blocked. I'm trying to do a total block of the server in and out other than for one IP.
    0
  • keat63
    This should work. The first thing to do would be to whitelist your IP address in the CSF allow list. In fact, I'd even go as far as trying to set up another IP, just in case. Maybe your home IP if it's static; even if it's dynamic, give yourself a means of getting back in today if something goes wrong. Contact your data centre and maybe obtain their support team IP range also. The last thing you want to do is inadvertently lock yourself out with no other means of getting back in. Then in CSF Config "Allow incoming TCP ports" and "Allow outgoing TCP ports", I'd just remove all ports. Copy (or screenshot) the port numbers, so you could roll back easily if needed. The CSF allow list should bypass the missing port numbers, allowing only your IP address (or any others in the allow list). If you want to test beforehand, maybe try closing a few ports at a time.
    0
  • Michael-Inet
    Then in CSF Config "Allow incoming TCP ports" and "Allow outgoing TCP ports", I'd just remove all ports. Copy (or screenshot) the port numbers, so you could roll back easily if needed.

    WHM » Home » Plugins » ConfigServer Security & Firewall
    Firewall Profiles: Apply pre-configured csf.conf profiles and backup/restore csf.conf

    And what everyone else said:
    - Have at least one other static IP that you whitelist; my preference would be 3 others (other VPSs you own, etc.)
    0
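
The pre-flight steps keat63 and Michael-Inet describe (allow-list your own address plus a fallback, and record the port lists before emptying them), as an added shell example that is not part of any post in this thread. It assumes CSF's TCP_IN and TCP_OUT settings in csf.conf (the "Allow incoming/outgoing TCP ports" fields) and plain one-IP-per-line entries in csf.allow; the function names, the "demo" argument and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check before emptying the CSF port lists.
# File paths are arguments so this can be tried on copies first; on a CSF
# host the live files are /etc/csf/csf.allow and /etc/csf/csf.conf.

# ip_in_allow IP ALLOW_FILE: succeeds only if IP is a plain entry in the list
# (comments and whitespace ignored; CIDR ranges and advanced rules not parsed).
ip_in_allow() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$2" | grep -Fxq -- "$1"
}

# conf_value KEY CONF_FILE: prints the value of a KEY = "value" line.
conf_value() {
    sed -n "s/^${1}[[:space:]]*=[[:space:]]*\"\\(.*\\)\".*/\\1/p" "$2" | head -n 1
}

# preflight ADMIN_IP FALLBACK_IP ALLOW_FILE CONF_FILE ROLLBACK_FILE
# Returns 0 when both addresses are allow-listed and the current port lists
# were saved; 1 or 2 when the admin or fallback address is missing.
preflight() {
    ip_in_allow "$1" "$3" || { echo "STOP: $1 not in allow list" >&2; return 1; }
    ip_in_allow "$2" "$3" || { echo "STOP: no fallback $2 in allow list" >&2; return 2; }
    for key in TCP_IN TCP_OUT; do
        printf '%s = "%s"\n' "$key" "$(conf_value "$key" "$4")"
    done > "$5"
}

# make_sample DIR: constructed sample files (documentation addresses, not real).
make_sample() {
    printf '%s\n' '# constructed csf.allow' '203.0.113.10 # backup host' \
        '198.51.100.7 # fallback: home' > "$1/csf.allow"
    printf '%s\n' '# constructed csf.conf excerpt' 'TCP_IN = "22,80,443,2087"' \
        'TCP_OUT = "22,25,53,80,443"' > "$1/csf.conf"
}

# Run "sh preflight.sh demo" to try the check on the constructed samples.
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d) && make_sample "$d"
    preflight 203.0.113.10 198.51.100.7 "$d/csf.allow" "$d/csf.conf" "$d/rollback" \
        && cat "$d/rollback"
    rm -rf "$d"
fi
```

The rollback file holds the two lines to paste back into csf.conf if the lock-down has to be reverted from the console.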
