Make an IP restriction

[Frenshow]

Hi Guys !

I would like to know if it possible and how to make an IP restriction for a container. Indeed, I use a container for Prometheus and I want to refused access to few IP adress.

Thanks !

 

[oguz]

hi,

you can set up the firewall rules on the GUI: CT -> Firewall and then add the rules you want.

afterwards CT -> Firewall -> Options -> Firewall: On would enable it

 

[Frenshow]

For manage IP restriction I can use "IPSet" ?

 

[oguz]

yes, or you can also make an "Alias"

 

[Frenshow]

In "IPSet" I configure the IP that I want to allow access but when I enable IP filter and firewall", its doesn't work !

 

[Frenshow]

In fact, we don't want IPs that are not in our network to be able to access Prometheus

 

[oguz]

In "IPSet" I configure the IP that I want to allow access but when I enable IP filter and firewall", its doesn't work !

could you please show the firewall rules you added? (mask your IP)

In fact, we don't want IPs that are not in our network to be able to access Prometheus

you need to:
1. create an IPset for your trusted range
2. add a new rule in CT firewall to allow this IPset as "Source" to any destination
3. add another rule in CT firewall to DROP everything else

 

[Frenshow]

I moved forward ! Thanks

But now I want put a range in IPSet. I would like to know, How can I make it ?

 

[oguz]

you can write a CIDR there instead of a single IP, f.e. 192.168.0.0/24