This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Limit Incoming Web Connections by IP

I want to allow only a select few IP addresses to access a web server located in the LAN side of the network, and to silently drop all other requests.  And, this is in addition to the open web access to my server in the dmz.
My first thought was to create a network (host) for the allowed external IP's and then group them into a Network Group.  But that means a number of discrete networks for each host I want to allow in.  Is this the right approach?  Any better solutions?
Note, I cannot limit access by authentication challenge from the web server as I don't want non-authorized users to even know about the server - hence, the firewall solution.

This thread was automatically locked due to age.

Parents

0 Xeno over 22 years ago

Just make some rules for doing that. The "from:"-field is your friend.

Are you using DNAT for connection from external to the Webserver? Please tell us a little bit more about your network.

Xeno
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Xeno over 22 years ago

Just make some rules for doing that. The "from:"-field is your friend.

Are you using DNAT for connection from external to the Webserver? Please tell us a little bit more about your network.

Xeno
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Dave Daniel over 22 years ago in reply to Xeno

My question is how best to manage the 10-12 IP addy's that I need to allow in. I could see the network list growing pretty fast as I add additional hosts.

Not sure if it's best to use the network definitions, or to mod the files directly via the os or external file of some kind.
Cancel
Vote Up 0 Vote Down

Cancel