
Disallow All IP for SSH except for French IP

Comments

7 comments

  • LostNerd
    This would be a big task. Having to work out what subnets are exclusive to France and then building allow rules around them rather than trying to block 163 countries instead. I personally would rather recommend that you lock it down via a hardware firewall (this is what I do) so that if my IP changes, I can update it in the hardware firewall and then log in to SSH respectively.
    0
  • French user
    That's not a big task :-) If the concept can work with France, the same setting can work with other countries and avoid hacking... I don't have a fixed IP internet connection but I'm always in France, so that's the best solution to reduce the hacking.
    0
  • LostNerd
    It simply reduces the chances of hacking to people who are able to use a VPN based in France, which is still anybody with access to Google (search "free France based VPN"). Can you ask your ISP what IP ranges they use? Even just allowing those ranges is safer than the entire country yet still not ideal.
    0
  • 24x7ss
    Hello :) Instead of blocking countries, you can access SSH using a public key. As you have a dynamic IP from your ISP, you can set up a public key with which only you can connect through SSH, even though your IP changes frequently. You can find more details at:
    0
  • French user
    Public key can be a very good idea with SSH but it doesn't solve it on WHM and cPanel ;-) Concerning "Can you ask your ISP what IP ranges they use?": it's as if I wanted to try to talk with GOD :-) The customer service doesn't know what an IP is, they only know how to improve their business and they don't care about the rest...
    0
  • cPanelMichael
    Hello :) The feature you are looking for is called "Host Access Control". It's documented at:
    0
  • keat63
    I have done exactly this. I found that my ISP uses only two ranges of IP, so I added both ranges as follows.
    192.168.0.0/255.255.0.0
    192.169.0.0/255.255.0.0
    Obviously I've obfuscated my real range, but you get the picture. You may need to add a few more as you find them, and you also run the risk of locking yourself out unless you add yourself something which you know is a static IP. For me, this was my work IP.
    0
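
Added example, not part of any post above and not cPanel's own code: a pre-flight check for an allow-list written in the network/netmask form shown in the last comment, confirming before the rules are applied that a known static address is still covered. The address 203.0.113.10 is a constructed documentation address and the function names are hypothetical.

```python
import ipaddress

def parse_rules(entries):
    """Parse 'network/netmask' (or CIDR) entries into network objects."""
    nets = []
    for raw in entries:
        entry = raw.strip()
        if not entry or entry.startswith("#"):
            continue
        # strict=True raises ValueError when host bits are set, e.g.
        # 192.168.1.5/255.255.0.0, which usually means a typo in the range.
        nets.append(ipaddress.ip_network(entry, strict=True))
    return nets

def is_allowed(ip, nets):
    """True if the address falls inside at least one allowed network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in nets if n.version == addr.version)

def lockout_risks(nets, must_reach):
    """Addresses that must keep access but are not covered by the list."""
    return [ip for ip in must_reach if not is_allowed(ip, nets)]

def summarize(nets):
    """Merge adjacent/overlapping ranges and count the addresses exposed."""
    merged = list(ipaddress.collapse_addresses(nets))
    return merged, sum(n.num_addresses for n in merged)

# The two obfuscated ranges from the comment above.
ISP_RANGES = ["192.168.0.0/255.255.0.0", "192.169.0.0/255.255.0.0"]
# Constructed stand-in for a static fallback such as a work IP (assumption).
STATIC_FALLBACK = "203.0.113.10"

if __name__ == "__main__":
    nets = parse_rules(ISP_RANGES)
    print("uncovered fallback addresses:", lockout_risks(nets, [STATIC_FALLBACK]))
    nets = parse_rules(ISP_RANGES + [STATIC_FALLBACK + "/255.255.255.255"])
    merged, total = summarize(nets)
    print("effective allow-list:", [str(n) for n in merged])
    print("addresses that can reach SSH:", total)
    print("uncovered fallback addresses:", lockout_risks(nets, [STATIC_FALLBACK]))
```

The address count makes the trade-off raised in the thread concrete: every address in the merged ranges can still reach the SSH port, so the allow-list narrows exposure but does not replace key-based authentication.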
