Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Navigation

    Cloudron Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    Block access to all IPs, but one + firewall admin problem

    Support
    networking firewall
    4
    5
    98
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • potemkin_ai
      potemkin_ai last edited by girish

      I was wondering if I could achieve blocking the access to the server for everyone, but one IP and added the following list via firewall interface, adding all networks - from 1 to 255 with an /8 mask (below).

      It was reflected accordingly at blocklist.txt, but I can't now get to the Cloudron admin part (https://my.server/) - it's just loading forever - 'Cloudron is offline, reconnecting'.

      The whole machine is also getting quite unresponsive.

      P.S. Admin page was nice enough, to make sure I didn't block the server address's network, so I don't believe that is the problem.

      Removing blocklist.txt and rebooting solved the issue, but I still don't know how to close the access to the server - any help would be much appreciated!

      1.0.0.0/8
2.0.0.0/8
3.0.0.0/8
4.0.0.0/8
5.0.0.0/8
6.0.0.0/8
7.0.0.0/8
8.0.0.0/8
9.0.0.0/8
10.0.0.0/8
11.0.0.0/8
12.0.0.0/8
13.0.0.0/8
14.0.0.0/8
15.0.0.0/8
16.0.0.0/8
17.0.0.0/8
18.0.0.0/8
19.0.0.0/8
20.0.0.0/8
21.0.0.0/8
22.0.0.0/8
23.0.0.0/8
24.0.0.0/8
25.0.0.0/8
26.0.0.0/8
27.0.0.0/8
28.0.0.0/8
29.0.0.0/8
30.0.0.0/8
31.0.0.0/8
32.0.0.0/8
33.0.0.0/8
34.0.0.0/8
35.0.0.0/8
36.0.0.0/8
37.0.0.0/8
38.0.0.0/8
39.0.0.0/8
40.0.0.0/8
41.0.0.0/8
42.0.0.0/8
43.0.0.0/8
44.0.0.0/8
45.0.0.0/8
46.0.0.0/8
47.0.0.0/8
48.0.0.0/8
49.0.0.0/8
50.0.0.0/8
51.0.0.0/8
52.0.0.0/8
53.0.0.0/8
54.0.0.0/8
55.0.0.0/8
56.0.0.0/8
57.0.0.0/8
58.0.0.0/8
59.0.0.0/8
60.0.0.0/8
61.0.0.0/8
62.0.0.0/8
63.0.0.0/8
64.0.0.0/8
65.0.0.0/8
66.0.0.0/8
67.0.0.0/8
68.0.0.0/8
69.0.0.0/8
70.0.0.0/8
71.0.0.0/8
72.0.0.0/8
73.0.0.0/8
74.0.0.0/8
75.0.0.0/8
76.0.0.0/8
77.0.0.0/8
78.0.0.0/8
79.0.0.0/8
80.0.0.0/8
81.0.0.0/8
82.0.0.0/8
83.0.0.0/8
84.0.0.0/8
85.0.0.0/8
86.0.0.0/8
87.0.0.0/8
88.0.0.0/8
89.0.0.0/8
90.0.0.0/8
91.0.0.0/8
92.0.0.0/8
93.0.0.0/8
94.0.0.0/8
95.0.0.0/8
96.0.0.0/8
97.0.0.0/8
98.0.0.0/8
99.0.0.0/8
100.0.0.0/8
101.0.0.0/8
102.0.0.0/8
103.0.0.0/8
104.0.0.0/8
105.0.0.0/8
106.0.0.0/8
107.0.0.0/8
108.0.0.0/8
109.0.0.0/8
110.0.0.0/8
111.0.0.0/8
112.0.0.0/8
113.0.0.0/8
114.0.0.0/8
115.0.0.0/8
116.0.0.0/8
117.0.0.0/8
118.0.0.0/8
119.0.0.0/8
120.0.0.0/8
121.0.0.0/8
122.0.0.0/8
123.0.0.0/8
124.0.0.0/8
125.0.0.0/8
126.0.0.0/8
127.0.0.0/8
128.0.0.0/8
129.0.0.0/8
130.0.0.0/8
131.0.0.0/8
132.0.0.0/8
133.0.0.0/8
134.0.0.0/8
135.0.0.0/8
136.0.0.0/8
137.0.0.0/8
138.0.0.0/8
139.0.0.0/8
140.0.0.0/8
141.0.0.0/8
142.0.0.0/8
143.0.0.0/8
144.0.0.0/8
145.0.0.0/8
146.0.0.0/8
147.0.0.0/8
148.0.0.0/8
149.0.0.0/8
150.0.0.0/8
151.0.0.0/8
152.0.0.0/8
153.0.0.0/8
154.0.0.0/8
155.0.0.0/8
156.0.0.0/8
157.0.0.0/8
158.0.0.0/8
159.0.0.0/8
160.0.0.0/8
161.0.0.0/8
162.0.0.0/8
163.0.0.0/8
164.0.0.0/8
165.0.0.0/8
166.0.0.0/8
167.0.0.0/8
168.0.0.0/8
169.0.0.0/8
170.0.0.0/8
171.0.0.0/8
172.0.0.0/8
173.0.0.0/8
174.0.0.0/8
175.0.0.0/8
176.0.0.0/8
177.0.0.0/8
179.0.0.0/8
180.0.0.0/8
181.0.0.0/8
182.0.0.0/8
183.0.0.0/8
184.0.0.0/8
185.0.0.0/8
186.0.0.0/8
187.0.0.0/8
188.0.0.0/8
189.0.0.0/8
190.0.0.0/8
191.0.0.0/8
192.0.0.0/8
193.0.0.0/8
194.0.0.0/8
195.0.0.0/8
196.0.0.0/8
197.0.0.0/8
198.0.0.0/8
199.0.0.0/8
200.0.0.0/8
201.0.0.0/8
202.0.0.0/8
203.0.0.0/8
204.0.0.0/8
205.0.0.0/8
206.0.0.0/8
207.0.0.0/8
208.0.0.0/8
209.0.0.0/8
210.0.0.0/8
211.0.0.0/8
212.0.0.0/8
213.0.0.0/8
214.0.0.0/8
215.0.0.0/8
216.0.0.0/8
217.0.0.0/8
218.0.0.0/8
219.0.0.0/8
220.0.0.0/8
221.0.0.0/8
222.0.0.0/8
223.0.0.0/8
224.0.0.0/8
225.0.0.0/8
226.0.0.0/8
227.0.0.0/8
228.0.0.0/8
229.0.0.0/8
230.0.0.0/8
231.0.0.0/8
232.0.0.0/8
233.0.0.0/8
234.0.0.0/8
235.0.0.0/8
236.0.0.0/8
237.0.0.0/8
238.0.0.0/8
239.0.0.0/8
240.0.0.0/8
241.0.0.0/8
242.0.0.0/8
243.0.0.0/8
244.0.0.0/8
245.0.0.0/8
246.0.0.0/8
247.0.0.0/8
248.0.0.0/8
249.0.0.0/8
250.0.0.0/8
251.0.0.0/8
252.0.0.0/8
253.0.0.0/8
254.0.0.0/8
255.0.0.0/8
      girish 1 Reply Last reply Reply Quote 0
      • robi
        robi last edited by

        You probably shouldn't block your default route, docker networks and the broadcast domain.

        Life of Gratitude.
        Life of CT Gifts

        1 Reply Last reply Reply Quote 0
        • girish
          girish Staff @potemkin_ai last edited by

          @potemkin_ai I think your approach to blocking will work. I think the issue is that iptables/ipset becomes quite slow when you add a lot of IP addresses. If you are hosting on a VPS, it might be better to use your infrastructure provider's firewall instead.

          1 Reply Last reply Reply Quote 0
          • jimcavoli
            jimcavoli App Dev last edited by

            Maybe it's because of the brilliant person who posted the request, but it strikes me that mutual TLS optionally and globally on the frontside reverse proxy is a more elegant way to achieve a similar result: https://forum.cloudron.io/topic/3826/support-optional-global-https-mutual-tls-certificate-based-authentication

            1 Reply Last reply Reply Quote 1
            • potemkin_ai
              potemkin_ai last edited by

              Apologies for the delay in getting back - somehow I didn't get a notification of the response.

              I worked thins around using routing rules - IP is open to the world, but all of the traffic goes via VLAN router, which has nothing, but NAT and ufw, so that's managed that way.

              Speaking about server performance - I doubt that's the cause, it's quite a powerful virtual server.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post