5-52
Basic Configuration
5.9.3. IP Security
The IP Security feature allows the TSM/RSM to restrict unauthorized IPv4 or IPv6
format IP addresses from establishing inbound Telnet connections to the unit. This
allows you to grant Telnet access to only a specific group of IP addresses, or block a
particular IP address completely. In the default state, the TSM/RSM accepts incoming IP
connections from all hosts.
In the Text Interface, IP Security parameters are defined via item 5 in the Network
Configuration menu. In the Web Browser Interface, these parameters are found by
placing the cursor over the "Network Configuration" link on the left hand side of the
screen, and then clicking on the "IP Security" link in the resulting fly-out menu.
The IP Security Function employs a TCP Wrapper program which allows the use of
standard, Linux operators, wild cards and net/mask pairs to create a host based access
control list.
The IP Security configuration menus include "hosts.allow" and "hosts.deny" client lists.
Basically, when setting up IP Security, you must enter IP addresses for hosts that you
wish to allow in the Allow list, and addresses for hosts that you wish to deny in the Deny
list. Since Linux operators, wild cards and net/mask pairs are allowed, these lists can
indicate specific addresses, or a range of addresses to be allowed or denied.
When the IP Security feature is properly enabled, and a client attempts to connect, the
TSM/RSM will perform the following checks:
1. If the client’s IP address is found in the "hosts.allow" list, the client will be granted
immediate access. Once an IP address is found in the Allow list, the TSM/RSM will
not check the Deny list, and will assume you wish to allow that address to connect.
2. If the client’s IP address is not found in the Allow list, the TSM/RSM will then
proceed to check the Deny list.
3. If the client’s IP Address is found in the Deny list, the client willnot be allowed to
connect.
4. If the client’s IP Address isnot found in the Deny list, the client will be allowed to
connect, even if the address was not found in the Allow list.
Notes:
• IftheTSM/RSMfindsanIPAddressintheAllowlist,itwillnotchecktheDeny
list,andwillallowtheclienttoconnect.
• IfboththeAllowandDenylistsareleftblank,thentheIPSecurityfeaturewill
bedisabled,andallIPAddresseswillbeallowedtoconnect(providingthat
theproperpasswordand/orSSHkeyissupplied.)
• WhentheAllowandDenylistsaredefined,theuserisonlyallowedtospecify
theClientList;theDaemonListandShellCommandcannotbedefined.
To Next Page
Loading...
Need help?
General
