Host Access Control
Host Access Control allows you to set up specific rules to allow or deny access to your server and services on it based on the IP address that is attempting to connect. It is general practice that denying all connections and only allowing connections that you wish to proceed is the most secure way to use Host Access Control.
To set up a rule, you will need to add the service you wish to create the rule for, the IP address(es) you wish to allow or deny, and then the action to be taken (allow or deny).
For example, you could set up the following rules to lock down your SSH service:
| Daemon | Access List | Action | Comment | ||
|---|---|---|---|---|---|
| sshd | 192.168.0.0/255.255.255.0 | allow | Allow local SSH access | ||
| sshd | 198.66.254.254 | allow | Allow SSH from my specific IP | ||
| sshd | ALL | deny | Deny access from all other IPs |
Note that the rules have an order of precedence. You need to place your allow rules before your deny rules if you are choosing to use the allow from a few, then deny from all technique.
You can also use "ALL EXCEPT x.x.x.x" as an Access List which will allow all IP addresses except x.x.x.x (replace with a specific IP address).