    Block access to all IPs, but one + firewall admin problem

    • potemkin_ai
      potemkin_ai last edited by girish

      I was wondering if I could block access to the server for everyone but one IP, and added the following list via the firewall interface, adding all networks - from 1 to 255 with a /8 mask (below).

      It was reflected accordingly in blocklist.txt, but I now can't get to the Cloudron admin part (https://my.server/) - it's just loading forever - 'Cloudron is offline, reconnecting'.

      The whole machine is also getting quite unresponsive.

      P.S. The admin page was nice enough to make sure I didn't block the server address's network, so I don't believe that is the problem.

      Removing blocklist.txt and rebooting solved the issue, but I still don't know how to close the access to the server - any help would be much appreciated!

      • robi
        robi last edited by

        You probably shouldn't block your default route, docker networks and the broadcast domain.

        • girish
          girish Staff @potemkin_ai last edited by

          @potemkin_ai I think your approach to blocking will work. I think the issue is that iptables/ipset becomes quite slow when you add a lot of IP addresses. If you are hosting on a VPS, it might be better to use your infrastructure provider's firewall instead.

          • jimcavoli
            jimcavoli App Dev last edited by

            Maybe it's because of the brilliant person who posted the request, but it strikes me that mutual TLS optionally and globally on the frontside reverse proxy is a more elegant way to achieve a similar result: https://forum.cloudron.io/topic/3826/support-optional-global-https-mutual-tls-certificate-based-authentication

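A pre-flight check for the kind of blocklist discussed in this thread, as an added example (not code from Cloudron or from any poster): it flags entries that overlap ranges the host itself needs, the concern robi raises, and builds a compact CIDR list that blocks all IPv4 space except one address and the protected ranges. The protected ranges, the allowed address 203.0.113.7 and both function names are assumptions made for illustration.

```python
import ipaddress

# Ranges the host needs for itself. The Docker range is an assumption
# (172.16.0.0/12 holds Docker's default bridge pools); adjust per host.
PROTECTED = {
    "loopback": "127.0.0.0/8",
    "docker (assumed)": "172.16.0.0/12",
    "limited broadcast": "255.255.255.255/32",
}

def audit_blocklist(lines, allowed_ip, extra_protected=None):
    """Return (label, entry) for each blocklist entry covering a protected range."""
    protected = {**PROTECTED, **(extra_protected or {})}
    protected["allowed admin IP"] = f"{allowed_ip}/32"
    findings = []
    for raw in lines:
        entry = raw.strip()
        if not entry or entry.startswith("#"):
            continue
        net = ipaddress.ip_network(entry, strict=False)
        for label, cidr in protected.items():
            if net.overlaps(ipaddress.ip_network(cidr)):
                findings.append((label, str(net)))
    return findings

def block_all_except(allowed_ip, keep=()):
    """Compact CIDR list covering IPv4 minus allowed_ip and the `keep` networks."""
    holes = [ipaddress.ip_network(f"{allowed_ip}/32")]
    holes += [ipaddress.ip_network(k) for k in keep]
    remaining = [ipaddress.ip_network("0.0.0.0/0")]
    for hole in holes:
        split = []
        for net in remaining:
            if hole.subnet_of(net):
                split.extend(net.address_exclude(hole))  # carve the hole out
            elif not net.subnet_of(hole):
                split.append(net)  # untouched by this hole
        remaining = split
    return sorted(remaining)

if __name__ == "__main__":
    # Constructed sample: every /8 from 1 to 255 except the allowed address's own.
    sample = [f"{i}.0.0.0/8" for i in range(1, 256) if i != 203]
    for label, entry in audit_blocklist(sample, "203.0.113.7"):
        print(f"{entry} would cut off: {label}")
    safe = block_all_except("203.0.113.7", keep=PROTECTED.values())
    print(len(safe), "entries block everything else")
```

Pass the server's gateway or own subnet through `extra_protected` to have those checked as well.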