Hi,
I have a server we need to block everything on it from every IP expect for one.
So the server would not ping or allow any connections to it other than from that IP.
Is that possible?
Blocking all access to a server except for one IP
Re: Blocking all access to a server except for one IP
I replied on the WHM forum, but we can keep it on here.
What exactly are you trying to achieve.
If you block all traffic, then you'll have no email.
There would be no web services
DNS wouldn't work.
etc etc etc.
In effect, all you'd have would be a stand alone PC.
What exactly are you trying to achieve.
If you block all traffic, then you'll have no email.
There would be no web services
DNS wouldn't work.
etc etc etc.
In effect, all you'd have would be a stand alone PC.
Re: Blocking all access to a server except for one IP
Thanks, yes this is just so another server can retrieve backups off the server via SSH. It's o.k. if things are not working.
We cannot open the server to the public in anyway. We can only allow access to the server from one IP.
Everything else has to be blocked as if the server is still offline.
We cannot open the server to the public in anyway. We can only allow access to the server from one IP.
Everything else has to be blocked as if the server is still offline.
Re: Blocking all access to a server except for one IP
This should work
The first thing to do would be to whitelist your IP address in the CSF allow list.
In fact, I'd even go as far as trying to set up another IP, just in case.
Maybe your home IP if it's static, even if it's dynamic, give yourself a means of getting back in today, if something goes wrong.
Contact your data centre and maybe obtain their support team IP range also.
The last thing you want to do is inadvertently lock yourself out, with no other means of getting back in.
Then in CSF Config "Allow incoming TCP ports", and " Allow outgoing TCP ports " I'd just remove all ports.
Copy (or screenshot) the port numbers, so you could roll back easily if needed.
The CSF allow list should bypass the missing port numbers, allowing only your IP address (or any others in the allow list).
If you want to test beforehand, maybe try closing a few ports at a time.
The first thing to do would be to whitelist your IP address in the CSF allow list.
In fact, I'd even go as far as trying to set up another IP, just in case.
Maybe your home IP if it's static, even if it's dynamic, give yourself a means of getting back in today, if something goes wrong.
Contact your data centre and maybe obtain their support team IP range also.
The last thing you want to do is inadvertently lock yourself out, with no other means of getting back in.
Then in CSF Config "Allow incoming TCP ports", and " Allow outgoing TCP ports " I'd just remove all ports.
Copy (or screenshot) the port numbers, so you could roll back easily if needed.
The CSF allow list should bypass the missing port numbers, allowing only your IP address (or any others in the allow list).
If you want to test beforehand, maybe try closing a few ports at a time.