WikiSuite | How to configure ClearOS to only permit management from a specific IP address

ClearOS offers Attack Detector but if you have have a fixed IP address, you can restrict SSH and / or Webconfig (the web-based admin panel) to a specific IP address.

Below is an example to remove SSH (usually port 22) and Webconfig (port 81) access from default Incoming Firewall (https://example.org:81/app/incoming_firewall) and replace by rules in the Custom Firewall

Be careful not to lock yourself out!

Blanket block of SSH access on port 22

iptables -I INPUT -p tcp --dport 22 -j DROP

Accept connections from 203.0.113.0 (replace with your IP)

iptables -I INPUT -p tcp --source 203.0.113.0 --dport 22 -j ACCEPT

Blanket block of ClearOS Webconfig

iptables -I INPUT -p tcp --dport 81 -j DROP

Accept connections from 203.0.113.0 (replace with your IP)

iptables -I INPUT -p tcp --source 203.0.113.0 --dport 81 -j ACCEPT

Notes

The order of the rules is important
Make sure you have activated the rules on the Custom Firewall (you disable a rule instead of deleting)

Information	Version
2020-12-13 06:59 Marc Laporte	13	View
2020-01-27 04:18 Nick Howitt	12	View
2020-01-27 04:17 Nick Howitt	11	View
2016-11-14 11:07 Marc Laporte	10	View
2016-11-12 12:50 Marc Laporte	9	View
2016-11-11 17:20 Marc Laporte	8	View
2016-11-11 16:58 Marc Laporte	7	View
2016-11-11 16:56 Marc Laporte	6	View
2016-11-11 16:54 Marc Laporte	5	View
2016-11-11 16:47 Marc Laporte	4	View
2016-11-11 16:38 Marc Laporte	3	View
2016-11-11 16:37 Marc Laporte	2	View
2016-11-11 16:29 Marc Laporte	1	View

History: How to configure ClearOS to only permit management from a specific IP address

Preview of version: 5

Notes

History