Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Support
  3. Block access to all IPs, but one + firewall admin problem

Block access to all IPs, but one + firewall admin problem

      potemkin_ai
      wrote on last edited by girish
      #1

      I was wondering if I could achieve blocking the access to the server for everyone, but one IP and added the following list via firewall interface, adding all networks - from 1 to 255 with an /8 mask (below).

      It was reflected accordingly at blocklist.txt, but I can't now get to the Cloudron admin part (https://my.server/) - it's just loading forever - 'Cloudron is offline, reconnecting'.

      The whole machine is also getting quite unresponsive.

      P.S. Admin page was nice enough, to make sure I didn't block the server address's network, so I don't believe that is the problem.

      Removing blocklist.txt and rebooting solved the issue, but I still don't know how to close the access to the server - any help would be much appreciated!

      • robiR Offline
        robiR Offline
        robi
        wrote on last edited by
        #2

        You probably shouldn't block your default route, docker networks and the broadcast domain.

        Conscious tech
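
The point in the reply above, as an added example (not part of the thread and not Cloudron code): a pre-flight check that flags blocklist entries overlapping ranges the host itself relies on, plus a helper that derives an "everything except these" CIDR list. The protected ranges, the sample list and the address 203.0.113.7 are assumptions of the example; the one-CIDR-per-line format follows the post.

```python
import ipaddress

# Assumed host-critical ranges (adjust to the real server): loopback, the
# private block Docker's default bridge subnets come from, multicast, broadcast.
PROTECTED = {
    "loopback": "127.0.0.0/8",
    "docker-private": "172.16.0.0/12",
    "multicast": "224.0.0.0/4",
    "broadcast": "255.255.255.255/32",
}

# Constructed sample mirroring the post: every /8 from 1 to 255 except one.
SAMPLE_BLOCKLIST = [f"{n}.0.0.0/8" for n in range(1, 256) if n != 178]


def find_conflicts(blocklist, protected=PROTECTED):
    """Map each protected range to the blocklist entries that overlap it."""
    nets = [ipaddress.ip_network(l.strip()) for l in blocklist if l.strip()]
    conflicts = {}
    for name, cidr in protected.items():
        guard = ipaddress.ip_network(cidr)
        hits = [str(n) for n in nets if n.overlaps(guard)]
        if hits:
            conflicts[name] = hits
    return conflicts


def block_all_except(keep):
    """CIDR list covering all of IPv4 except the networks in `keep`."""
    remaining = [ipaddress.ip_network("0.0.0.0/0")]
    for k in map(ipaddress.ip_network, keep):
        nxt = []
        for net in remaining:
            if k.subnet_of(net):          # carve k out of the enclosing block
                nxt.extend(net.address_exclude(k))
            elif not net.subnet_of(k):    # disjoint from k: keep unchanged
                nxt.append(net)
        remaining = nxt
    return list(ipaddress.collapse_addresses(remaining))


if __name__ == "__main__":
    for name, hits in find_conflicts(SAMPLE_BLOCKLIST).items():
        print(f"{name}: blocked by {len(hits)} entr{'y' if len(hits) == 1 else 'ies'}")
    # 203.0.113.7 is a documentation address standing in for the one allowed IP.
    rules = block_all_except(["203.0.113.7/32", *PROTECTED.values()])
    print(f"{len(rules)} CIDRs block everything else")
```
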

          girish
          Staff
          wrote on last edited by
          #3

          @potemkin_ai I think your approach to blocking will work. I think the issue is that iptables/ipset becomes quite slow when you add a lot of IP addresses. If you are hosting on a VPS, it might be better to use your infrastructure provider's firewall instead.

            jimcavoli
            App Dev
            wrote on last edited by
            #4

            Maybe it's because of the brilliant person who posted the request, but it strikes me that mutual TLS optionally and globally on the frontside reverse proxy is a more elegant way to achieve a similar result: https://forum.cloudron.io/topic/3826/support-optional-global-https-mutual-tls-certificate-based-authentication

              potemkin_ai
              wrote on last edited by
              #5

              Apologies for the delay in getting back - somehow I didn't get a notification of the response.

              I worked things around using routing rules - IP is open to the world, but all of the traffic goes via VLAN router, which has nothing, but NAT and ufw, so that's managed that way.

              Speaking about server performance - I doubt that's the cause, it's quite a powerful virtual server.

                neurokrish
                wrote on last edited by
                #6

                I have a similar request. Currently Cloudron allows only a block list (Blocked IPs & Ranges). Can we have an option to do the inverse? I mean, allow only what we want and block every other range? The use case is, for e.g. if I want my Cloudron to be accessed from only the country where I live. It will be easier to be able to add/remove countries vs. IP ranges (something like this will be super useful - https://support.sophos.com/support/s/article/KB-000034791?language=en_US)

                At the moment, since my instance is behind Cloudflare, I disallow traffic from all countries except mine in their firewall rules. Works OK this way too..

                  d19dotca
                  wrote on last edited by
                  #7

                  @neurokrish said in Block access to all IPs, but one + firewall admin problem:

                  I have a similar request. Currently Cloudron allows only a block list (Blocked IPs & Ranges). Can we have an option to do the inverse? I mean, allow only what we want and block every other range? The use case is, for e.g. if I want my Cloudron to be accessed from only the country where I live. It will be easier to be able to add/remove countries vs. IP ranges (something like this will be super useful - https://support.sophos.com/support/s/article/KB-000034791?language=en_US)

                  At the moment, since my instance is behind Cloudflare, I disallow traffic from all countries except mine in their firewall rules. Works OK this way too..

                  I'd suggest creating a new feature request for your use-case.

                  --
                  Dustin Dauncey
                  www.d19.ca

                    robi
                    wrote on last edited by
                    #8

                    There is an allow list file, but you have to access it from ssh. It should be in the docs.

                    Conscious tech
